Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to catch end of line symbols with regex?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
avasilievnko
Explorer
06-15-2018
04:32 AM
I have symbols that mean end of line
\r\n
Example of string:
D:\INSTALL\_SysinternalsSuite\processhacker-2.39-bin\x86\r\n
My regex looks like this
([a-zA-Z]:)(\\.*\\r\\n)
PS. log looks like this:
blablabla\r\n D:\INSTALL\_SysinternalsSuite\processhacker-2.39-bin\x86\r\n blablabla\r\n
I need catch only line like this
D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
avasilievnko
Explorer
06-15-2018
06:08 AM
I win it with adding ? , it makes it non-greedy. regex: (?([a-zA-Z]:)(\.*?\r\n))
I can math only lines, like in the middle
blablabla\r\n D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n blablabla\r\n
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
avasilievnko
Explorer
06-15-2018
06:08 AM
I win it with adding ? , it makes it non-greedy. regex: (?([a-zA-Z]:)(\.*?\r\n))
I can math only lines, like in the middle
blablabla\r\n D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n blablabla\r\n
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javiergn
Super Champion
06-15-2018
05:37 AM
What about the following regex:
(\w\:[^\r\n]+)
Regards,
J
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
avasilievnko
Explorer
06-15-2018
05:52 AM
It's catch all log file, but i should rich and of the line in strings like this:
D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n
(?([a-zA-Z]:)(\.*\r\n))
So that the following lines with \r\n are not caught
Need to stop regular expression at first match \r\n in line like this
D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
avasilievnko
Explorer
06-15-2018
05:50 AM
its's better , but it catch other lines with \r\n
Full log
Jun 5 14:39:40 blabla-pc.blabla.bla bla|10.3.0.0 Результат: Помещено на карантин: not-a-virus:HEUR:AdWare.Script.Generic\r\nПользователь: BLA\i.blablabla (Активный пользователь)\r\nОбъект: C:\users\i.blablabla\appdata\local\Google\Chrome\User Data\Default\Cache\f_000244\r\n
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
06-15-2018
04:38 AM
By default . doesn't match newline characters. You can try using [\r\n.]* instead of .*.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
