logs
source=/api/docker/docker-snapshot-demo/v2/pdap/pdap-validator-router/manifests/1.0.aws
source=/api/docker/docker-snapshot/v2/mode-date/mod-validator-router/manifests/1.0.aws
we want to extract the first occurrence of string that has min of 1 hyphen and max of 2 hyphens into separate filed. In above example, only "docker-snapshot-eis" and "docker-snapshot" should be extracted into different filed.
tried "\w*[-]\w*" and "\b\w*[-']\w*\b" but has challenge limiting to first occurrence and range specifier.
Hello @sreesh,
please try
^[^\-]+\/([^\/\-]+\-[^\/\-]+\-?[^\/\-]*)\/
Hello @sreesh,
please try
^[^\-]+\/([^\/\-]+\-[^\/\-]+\-?[^\/\-]*)\/
it worked, thanks Pavel
Doing inline field extraction using rex. The output is a bit different
source=request.log | rex "(?^[^-]+\/([^\/-]+-[^\/-]+-?[^\/-])\/)" | stats count by Repo
output
20200513125800|0|REQUEST| 10.20.39.233 |non_authenticated_user|GET|/api/docker/docker-login/
while I require only docker-login in Repo filed. Other files already extracted using delimeter
the Resource field value is /api/docker/docker-login/
@sreesh for inline regex use
| rex field=source "^[^\-]+\/(?<Repo>[^\/\-]+\-[^\/\-]+\-?[^\/\-]*)\/"