ithelp.brown.edu

Follow
Avatar
Paulo Baptista
Awk-Like and Shibboleth Log Parsing Help Few questions. 1) Is there a way with Sumo to extract fields based on delimiters? Like using awk? $1, $2 2) OK help a newbie out please! Getting my feet wet with parse and parse regex. I'm hoping a community member would help me get crawling. How would you parse out the time, date, USERNAME, and IP from this log entry? 10:08:16.061 - INFO [Shibboleth-Audit:111] - 20161006T140816Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ONELOGIN_882109e21sdfsdfsdfsf|https://ithelp.brown.edu/saml/metadata/3.xml|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://sso.brown.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_161362febba0sdfsdfsdfsfecb0|USERNAME|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|transientId,Common-last_name,storedIdOracle,Common-email,Common-first_name,|ayK2xsadfsdfsdfasdf=|_1de3bc85adsfsdafsadfsadfedae42,| - [67c72c0e730ab2015asdfsdfsadfsadfsdaf8245c968087] - [] - [10.2.200.210]
0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Paulo Baptista
    OK a dug into it a bit.... and was happy with the "split" operator and parse regex | split _raw delim='|' extract date, x, x1, x2 as url, x3, x4, x5, x6, username, x6, x7, x8, x9, x10 | parse regex "(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post