I need some assistance coding a rex statement to extract data from events generated by a PowerShell script.
Name Port Description Protocol
Windows remote mgmt RPC 135 @FirewallAPI TCP
Corenet-12345 421 TCP
Port 75 and 443 UDP
I have two questions:
1) How do I extract non-contiguous characters into one capturing group (one for name and the other for port)?
2) How do I handle cases where one or more fields are blank (in this case, the port in the second row and both the port and description in the third row)?
Thanks in advance for your help.
What options do you have to modify the generating PowerShell cmdlet or function?
We might be able to avoid having to use RegEx / rex altogether. Since the various .Name, .Port, .Description and .Protocol are all properties of the object(s) returned by the calling PowerShell, you could consider formatting the output as CSV, XML or at least another delimited output that would be easier to parse with rex.
Does your data really look like that, with the fields always fixed length as you have shown, or can the fields be variable length?
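If the columns really are fixed width, which the last reply asks about, each field can be cut at the column offsets taken from the header row, so names containing spaces stay whole and blank cells come back empty. This is an added Python sketch, not part of the thread; the sample rows and column widths are constructed, including the assumption that 421 sits in the Description column.

```python
import re


def _row(name, port, desc, proto):
    # Helper that builds one constructed fixed-width line (widths are assumed).
    return f"{name:<25}{port:<6}{desc:<14}{proto}"


# Constructed sample modelled on the rows in the question.
SAMPLE = "\n".join([
    _row("Name", "Port", "Description", "Protocol"),
    _row("----", "----", "-----------", "--------"),  # Format-Table style rule
    _row("Windows remote mgmt RPC", "135", "@FirewallAPI", "TCP"),
    _row("Corenet-12345", "", "421", "TCP"),
    _row("Port 75 and 443", "", "", "UDP"),
])


def column_spans(header):
    """Return (column name, start, end) for each header word.

    Assumes single-word column names; a column runs from the start of its
    header word to the start of the next one, and the last runs to end of line.
    """
    matches = list(re.finditer(r"\S+", header))
    starts = [m.start() for m in matches]
    ends = starts[1:] + [None]
    return [(m.group(), s, e) for m, s, e in zip(matches, starts, ends)]


def parse_table(text):
    """Slice each data row by the header's offsets; blank cells become ''."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    spans = column_spans(lines[0])
    rows = []
    for line in lines[1:]:
        if set(line) <= set("- "):  # skip the dashed rule under the header
            continue
        # Slicing past the end of a short line yields '', so rows with
        # trailing blanks trimmed still parse.
        rows.append({name: line[s:e].strip() for name, s, e in spans})
    return rows


if __name__ == "__main__":
    for row in parse_table(SAMPLE):
        print(row)
```
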