I have the following REGEX to pick up the bytes out, ^(?:[^,\n]*,){31}(?P\d+). I need to know the REGEX to filter out a range of numbers as bytes out from 0-1400.
This regex string will match texts with 0-1400 in field 31. You can use it in transforms.conf to send matches to nullQueue.
"^(?:[^,]*?,){30}(\d{1,3}|1[0-3]\d{2}|1400),"
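Added example, not part of the original answer: a Python check of the answer's regex against the sample event posted in this thread and constructed boundary values, compared with a quote-aware CSV parse of field 31. The helper names and the quoted-comma event are assumptions made for illustration, and Python's re module is assumed to treat this pattern the same way Splunk's PCRE does.

```python
import csv
import re

# Regex from the answer: skip 30 comma-terminated fields, then require
# field 31 to be 0-999, 1000-1399, or exactly 1400, followed by a comma.
DROP_RE = re.compile(r"^(?:[^,]*?,){30}(\d{1,3}|1[0-3]\d{2}|1400),")

# Sample event posted in this thread (field 31 is 96).
SAMPLE = (
    "2016/02/25 19:14:20,010401000240,TRAFFIC,start,1,2016/02/25 19:14:20,"
    "0.1.2.3,4.5.6.7,8.9.10.11,12.13.14.15,Outbound Services,,,dns,vsys1,"
    "TRUST,UNTRUST,ethernet1/18.80,ethernet1/17.1000,"
    "All Syslog Servers -Includes VZ,2016/02/25 19:14:20,133312,1,63869,53,"
    "60901,53,0x400000,udp,allow,96,96,0,1,2016/02/25 19:14:21,0,any,0,"
    "13810046794,0x0,255.255.0.0-255.255.255.255,US,0,1,0,n/a"
)

def regex_drops(line):
    """True if the answer's regex would match, i.e. the event is dropped."""
    return DROP_RE.search(line) is not None

def field31(line):
    """Field 31 (1-based) as seen by a CSV reader that honours quotes."""
    return next(csv.reader([line]))[30]

def csv_drops(line):
    """Reference decision: field 31 is an integer in the range 0-1400."""
    value = field31(line)
    return value.isdigit() and 0 <= int(value) <= 1400

def with_field31(value, line=SAMPLE):
    """Constructed test event: the sample with field 31 replaced."""
    fields = line.split(",")
    fields[30] = str(value)
    return ",".join(fields)

# Constructed edge case: a quoted field 11 containing a comma shifts the
# raw comma count, so the regex inspects "allow" instead of the byte count
# and the event is kept even though field 31 is 96.
QUOTED = SAMPLE.replace("Outbound Services", '"Outbound, Services"')

if __name__ == "__main__":
    for v in (0, 96, 999, 1000, 1399, 1400, 1401, 14000):
        event = with_field31(v)
        print(v, regex_drops(event), csv_drops(event))
    print("quoted comma:", regex_drops(QUOTED), csv_drops(QUOTED))
```

The same pattern goes unchanged into the REGEX setting of a transforms.conf stanza that sets DEST_KEY = queue and FORMAT = nullQueue.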
Thank you for your help!
Hi @babcolee
If the answer by @richgalloway solved your question, don't forget to resolve the post by clicking "Accept" directly under his answer and also upvote him for being helpful 🙂
Can you share some sample data and your expected results?
2016/02/25 19:14:20,010401000240,TRAFFIC,start,1,2016/02/25 19:14:20,0.1.2.3,4.5.6.7,8.9.10.11,12.13.14.15,Outbound Services,,,dns,vsys1,TRUST,UNTRUST,ethernet1/18.80,ethernet1/17.1000,All Syslog Servers -Includes VZ,2016/02/25 19:14:20,133312,1,63869,53,60901,53,0x400000,udp,allow,96,96,0,1,2016/02/25 19:14:21,0,any,0,13810046794,0x0,255.255.0.0-255.255.255.255,US,0,1,0,n/a
Comma-separated log; field 31 is the bytes out number. If the number in field 31 is within the range of 0-1400, filter it out via setnull in the transforms.conf.