Solved: Re: How to write the regex to extract this string ...

deenadp · ‎06-09-2016

Hi,

I would like to extract the strings between multiple delimiters as below.

INPUT : src=`D:\GENEOS Program Files\App\FILE_DC_BP_JOBS_APACHE_DISPLAY_1190FA52.log`

From the above I need to extract only JOBS_APACHE_DISPLAY.

Can you please help? I have tried with multiple regex options, but it also fetches additional strings.

Below is my attempt:

| eval log=replace(src,"([^\\\]+\\\)","")| eval Name=substr(log,1,len(log)-13)| eval Name=substr(Name,12,len(log))

req: need to display the strings between 3rd and 6th _ from

> FILE_DC_BP_JOBS_APACHE_DISPLAY_1190FA52.log

sundareshr · ‎06-09-2016

Try this

.... |  eval src=split(src, "_") | eval log=mvindex(src, 3)."_".mvindex(src, 4)."_".mvindex(src, 5)

woodcock · ‎06-13-2016

Like this:

... | rex field=src "(?:[^_]+_){3}(?<capture>[^_]+_[^_]+_[^_]+)_"

richgalloway · ‎06-09-2016

Since your question mentioned regex, here's a solution using rex

... | rex field=src "\w+_\w+_\w+_(?<log>\w+_\w+_\w+)_" | ...

---
If this reply helps you, Karma would be appreciated.

sundareshr · ‎06-09-2016

Try this

.... |  eval src=split(src, "_") | eval log=mvindex(src, 3)."_".mvindex(src, 4)."_".mvindex(src, 5)

axl88 · ‎06-09-2016

This should work as well as better regex with lookahead lookbehind.

deenadp · ‎06-09-2016

the values at the end "1190FA52.log" is not constant (not always 13 at end)

How to write the regex to extract this string between the 3rd and 6th underscores in my sample data?