Regex to get the words after matching string

前端 未结 6 1023
予麋鹿
予麋鹿 2020-11-27 02:33

Below is the content:

Subject:
    Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
    Account Name:       ChamaraKer
    Account Domain:          


        
相关标签:
6条回答
  • 2020-11-27 03:13

    The following should work for you:

    [\n\r].*Object Name:\s*([^\n\r]*)
    

    Working example

    Your desired match will be in capture group 1.


    [\n\r][ \t]*Object Name:[ \t]*([^\n\r]*)
    

    Would be similar but not allow for things such as " blah Object Name: blah" and also make sure that not to capture the next line if there is no actual content after "Object Name:"

    0 讨论(0)
  • 2020-11-27 03:14

    But I need the match result to be ... not in a match group...

    For what you are trying to do, this should work. \K resets the starting point of the match.

    \bObject Name:\s+\K\S+
    

    You can do the same for getting your Security ID matches.

    \bSecurity ID:\s+\K\S+
    
    0 讨论(0)
  • 2020-11-27 03:20

    You're almost there. Use the following regex (with multi-line option enabled)

    \bObject Name:\s+(.*)$
    

    The complete match would be

    Object Name:   D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
    

    while the captured group one would contain

    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
    

    If you want to capture the file path directly use

    (?m)(?<=\bObject Name:).*$
    
    0 讨论(0)
  • 2020-11-27 03:20

    Here's a quick Perl script to get what you need. It needs some whitespace chomping.

    #!/bin/perl
    
    $sample = <<END;
    Subject:
      Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
      Account Name:       ChamaraKer
      Account Domain:     JIC
      Logon ID:       0x1fffb
    
    Object:
      Object Server:  Security
      Object Type:    File
      Object Name:    D:\\ApacheTomcat\\apache-tomcat-6.0.36\\logs\\localhost.2013- 07-01.log
      Handle ID:  0x11dc
    END
    
    my @sample_lines = split /\n/, $sample;
    my $path;
    
    foreach my $line (@sample_lines) {
      ($path) = $line =~ m/Object Name:([^s]+)/g;
      if($path) {
        print $path . "\n";
      }
    }
    
    0 讨论(0)
  • 2020-11-27 03:30

    This is a Python solution.

    import re
    
    line ="""Subject:
        Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
        Account Name:       ChamaraKer
        Account Domain:     JIC
        Logon ID:       0x1fffb
    
    Object:
        Object Server:  Security
        Object Type:    File
        Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
        Handle ID:  0x11dc"""
    
    
    
    regex = (r'Object Name:\s+(.*)')
    match1= re.findall(regex,line)
    print (match1)
    
    *** Remote Interpreter Reinitialized  ***
    >>> 
    ['D:\\ApacheTomcat\x07pache-tomcat-6.0.36\\logs\\localhost.2013-07-01.log']
    >>> 
    
    0 讨论(0)
  • 2020-11-27 03:33

    This might work out for you depending on which language you are using:

    (?<=Object Name:).*
    

    It's a positive lookbehind assertion. More information could be found here.

    It won't work with JavaScript though. In your comment I read that you're using it for logstash. If you are using GROK parsing for logstash then it would work. You can verify it yourself here:

    https://grokdebug.herokuapp.com/

    0 讨论(0)
提交回复
热议问题