用于匹配 Splunk 中特定单词的正则表达式
[英]Regular expression to match specific word in Splunk
问题描述
I have this type of log file:
我有这种类型的日志文件:
182.236.164.11 - - [04/Mar/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15&productId=BS-AG-G09&JSESSIONID=SD6SL8FF10ADFF53101 HTTP 1.1" 200 2252 "http://www.buttercupgames.com/oldlink?itemId=EST-15" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 506
I am trying to create a regular expression to only match the word Intel, regardless of the relative position of the string.我试图创建一个正则表达式来只匹配单词 Intel,而不管字符串的相对位置。
I have come up with this regular expression:我想出了这个正则表达式:
^[^;\n]*;\s+
But it doesn't always work as it will match other strings as well.但它并不总是有效,因为它也会匹配其他字符串。
I want to match the string Intel only so as to create a field in Splunk.我只想匹配字符串 Intel 以便在 Splunk 中创建一个字段。
Any inputs are welcome.欢迎任何输入。
1 个解决方案
解决方案1
0 2019-03-22 11:12:19
This query will do what you say you want, although I don't see the value of it.这个查询会做你说你想要的,虽然我没有看到它的价值。 If you say more about what your end goal is then I might be able to provide a better answer.如果您更多地说明您的最终目标是什么,那么我可能会提供更好的答案。
index=foo "Intel" | rex "(?<Intel>Intel)"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.