I have a system that scans our workstations and reports back which drives an admin can access and what permission level that admin has to the drives.
Some workstations return only one or two drives. So it would look something like this:
- MACHINE_NAME: pc_monty, DRIVES: C - No Access, print - Read Only
Other workstations have many, many drives and it looks something like this:
- MACHINE_NAME: pc_python, DRIVES: C - Read Only, spam - Read Write, F - No Access, SillyWalks - Read only, ...97 drives later... Z - No Access
Normally could use something like
- | split _raw delim=',' extract 1 as drive1, 2 as drive2, 3 as drive3
I could also try
- | parse field=results "*/t*/t*/t" as drive1, drive2, drive3
But I find this isn't quite getting the desired result because the fields vary in length. How can I extract these items when the number of items I want to extract is not constant?
Please sign in to leave a comment.