Feature request: parse: wildcard like "*" that does not assign to a field

Follow

O A

• December 14, 2015 22:21
• Edited

There are cases where I need to skip some text in a message without assigning a field to this text.
For example, if I only need the first and third values of the following message structure:

• message: a great value here, no one cares what lies here, very important value here.

I would like to be able to do something like that with this message:

• parse "message: *,%,*." as field1,field2

or

• parse "message: *,*,*." as field1,ignored,field2

 

0

• 

  Kevin Keech

  • December 15, 2015 06:26

  Thanks for sending in this request, I like the idea of an alternate non capturing wildcard for the parse anchor.

  Until this can become an option you should be able to do the second option in your sample, then just toss the unwanted field away using the "fields" operator.

  | parse "message: *,*,*." as field1,ignored,field2
  | fields - ignored

  You could also probably do this with a "parse regex" operation to only pull the data into the fields you want.

  | parse regex "message: (?<field1>.*?),.*,(?<field2>.*?)"

   

  0

  Comment actions Permalink

Please sign in to leave a comment.