I have a log file like this:
11:00:00 jon nginx: AB [0.1222]
11:00:00 dan service cloud: CD F
11:00:00 dan mongo_DB: DCA
1) Match nginx: and service cloud: but only extract “nginx” and “service cloud”, not “:”
2) Regex match the whole part like this A but only extract the numbers between brackets, like “1234”. (Between the brackets there is a different range of numbers N or K, ..., and maybe a separator like [0.1222].)
Hi @mehrdad_2000,
If I understand correctly, you want to extract the numbers between brackets, is that correct?
If this is what you need, try this regex
that you can test at https://regex101.com/r/vVIUkL/1
Thank you for the answer.
But I want to get all “A” and “B” ... grouped in the related column. In each line the location of A is different.
This log is unstructured, and messy.
I need to get them wherever they are in each line and group them.
E.g. firstnum all A
Secondnum all B ...
Also, some of them are separated by a space, others are not. This is random.
E.g. A BC
D B A
Firstnum | secondnum |
If you want to extract all the numbers after A and all the numbers after B without any order in your logs, you could use two different regexes, something like this:
your_search | rex "A\[(?<A_field>\d+)" | rex "B\[(?<B_field>\d+)" | table A_field B_field
That you can test at https://regex101.com/r/vVIUkL/2
This is exactly what I want, thank you so much.
In field extraction it works perfectly one by one, but when I write both of them like this:
A\[(?\d+) | B\[(?\d+)
separated with a pipe, it matches all A but some of
Do you have any idea about this?
Sorry, but I cannot read your regex. Please use the Code Sample button (1010101), otherwise I cannot help you.
You need to structure the | correctly. See this example:
| makeresults | eval raw="foo=bar, bat=baz" | makemv raw | mvexpand raw | rename raw AS _raw | rex "(?:foo=(?<foo>\S+))|(?:bat=(?<bat>\S+))"
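
An added example, not part of the original thread: Python's `re` module is used here to show why a single `A|B` alternation searched once per event fills only one of the two fields, while two separate patterns (like the two chained `rex` commands above) fill both. The sample events and function names are constructed for illustration, and a single match per event is assumed for the alternation case.

```python
import re

# Constructed sample events (not from the original thread): A[...] and B[...]
# appear in any order, with or without a separating space.
EVENTS = [
    "11:00:00 jon nginx: A[1234] B[56]",
    "11:00:01 dan service cloud: B[78]A[90]",
    "11:00:02 dan mongo_DB: D[1] B[22] A[333]",
    "11:00:03 jon nginx: B[4444]",
]

# Python's re module writes named groups as (?P<name>...); the thread's rex
# patterns use the PCRE spelling (?<name>...).
A_RE = re.compile(r"A\[(?P<A_field>\d+)")
B_RE = re.compile(r"B\[(?P<B_field>\d+)")
ALT_RE = re.compile(r"A\[(?P<A_field>\d+)|B\[(?P<B_field>\d+)")


def extract_separately(event):
    """Two independent searches, like two chained rex commands."""
    a, b = A_RE.search(event), B_RE.search(event)
    return {
        "A_field": a.group("A_field") if a else None,
        "B_field": b.group("B_field") if b else None,
    }


def extract_alternation_once(event):
    """One search with A|B: stops at the leftmost match, so only one group is set."""
    m = ALT_RE.search(event)
    return m.groupdict() if m else {"A_field": None, "B_field": None}


def extract_alternation_all(event):
    """Scan every match of A|B and keep the first value seen for each field."""
    fields = {"A_field": None, "B_field": None}
    for m in ALT_RE.finditer(event):
        for name, value in m.groupdict().items():
            if value is not None and fields[name] is None:
                fields[name] = value
    return fields


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev)
        print("  separate  :", extract_separately(ev))
        print("  alt, once :", extract_alternation_once(ev))
        print("  alt, all  :", extract_alternation_all(ev))
```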