How to parse lines with * in them

Comments

2 comments

  • Avatar
    Caleb Fogleman
    Rhett, This can be done with the 'parse regex' operator (documentation here: https://help.sumologic.com/Search/Search_Query_Language/01_Parse_Operators/02_Parse_Variable_Patterns_Using_Regex) In your case I would parse it something like this: parse regex "(?[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}) \[\*\*\] (?.*?) \[\*\*\] (?.*?) \[\*\*\] (?(?:[0-9]{1,3}\.?){4}:[0-9]{1,5} -\> (?:[0-9]{1,3}\.?){4}:[0-9]{1,5})" Of course you can change any of the for each field, as well as write more specific regex for values 2 and 3 if there is an expected format (more specific regex optimizes the query and more effectively ensures the expected outcome). I hope this helps! Thanks,Caleb F.
    0
    Comment actions Permalink
  • Avatar
    Rhett Roberts
    Thank you! I wasn't aware of the 'parse regex' operator.
    0
    Comment actions Permalink

Please sign in to leave a comment.