使用正则表达式提取命令
我需要提取命令,无论我们在下一行 CMD 一词后面的 () 中看到什么。
Oct 29 08:00:01 data2 crond[14368]: (root) CMD (sh -xv /home//ste-telnet.sh > /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').succ 2> /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').err)
我需要为此使用正则表达式,因为 splunk 只能理解正则表达式。
I need to extract the command, whatever we see in ( ) after the word CMD in the following line.
Oct 29 08:00:01 data2 crond[14368]: (root) CMD (sh -xv /home//ste-telnet.sh > /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').succ 2> /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').err)
I need to use regular expression for this since splunk understands only that.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
试试这个
如果该行的最后一个是命令(包含 CMD 的列是最后一列),这将起作用
Try this
This will work if the last thing on the line is a command (the column containing CMD is the last column)
这有点棘手。问题是你在那里有嵌套的括号。因此,如果您使用,
您将在您的情况下得到正确的结果(实际命令将在比赛的组号 1 中),但是一旦您有多个命令(或多于一组最外层的命令),该结果就会失败。字符串中
CMD后面的括号。This is a bit tricky. The problem is that you're having nested parentheses there. So if you use
you will get a correct result in your case (the actual command will be in the match's group number 1), but that would fail as soon as you'd have more than one command (or more than one set of outermost parentheses after
CMD) in your string.