Re: What is a regular expression that ignores whit...

Lucas_Henry_ · ‎08-05-2016

I'm trying to write a regular expression that will find only the numbers in the string of text below:

MemTotal: 16328352 kB

I don't want the alphabetical or whitespace characters. I just want (in this example) "16328352".

I can't find a specification on a regular expression that will ignore certain data types, however.

sundareshr · ‎08-05-2016

You already have 4 options, why not one more 🙂 Try this

MemTotal:\s*(?<mem>\d+)"

somesoni2 · ‎08-05-2016

Give this a shot

MemTotal\:\s+(?<MemoryTotal>[^\s]+)

inventsekar · ‎08-05-2016

edit - tried this and its working good.

sourcetype=rexmemtotal | rex field=_raw "(MemTotal:\s+(?P<rexmemtotal>\d+))" | table rexmemtotal _raw

inventsekar · ‎08-05-2016

skoelpin · ‎08-05-2016

Try this

... | rex (?P<MemTotal>(?<=MemTotal\:\s)\d+(?=\s\w{2}))

Lucas_Henry_ · ‎08-05-2016

What would this look like if I were to plug it into the field extractor tool?

skoelpin · ‎08-05-2016

Like this

(?P<MemTotal>(?<=MemTotal\:\s)\d+(?=\s\w{2}))

Lucas_Henry_ · ‎08-05-2016

Still nothing, unfortunately.

If it helps, the amount of whitespace and the number of integers will vary between records.

skoelpin · ‎08-05-2016

Ahh yeah the amount of whitespace mattered, but this should work

(?P<MemTotal>MemTotal\:\s+(?<MemoryTotal>[^\s]+))

richgalloway · ‎08-05-2016

Try "MemTotal: (?<memTotal>\d+)".

---
If this reply helps you, Karma would be appreciated.

Lucas_Henry_ · ‎08-05-2016

No dice. It didn't extract anything.

richgalloway · ‎08-05-2016

Did you use it in a rex command?

---
If this reply helps you, Karma would be appreciated.

Lucas_Henry_ · ‎08-05-2016

No. I'm trying to use the field extractor because the info is for a non-dev unit

What is a regular expression that ignores whitespace and text, and captures only numbers of varying lengths?