Extracting data from logs using Linux commands

Question

Hi I have file with logs in this format:

2017-09-13T11:08:27+02:00 {"log":"\u001B[0m\u001B[0m2017-09-13 11:07:58,443 |xte-8| INFO [org.springframework.Something] - asdasdadasdsler] - Executing step: [asdsdsdp]\n"}

How to get rid of everything unneccessary and change \n to new lines so that it would look like this:

[0m2017-09-13 11:07:58,443 |xte-8| INFO [org.springframework.Something] - asdasdadasdsler] - Executing step: [asdsdsdp]

(new empty line from \n)

Using linux commands?

Answer 1

You can use sed with regex to acomplish that:

sed -i -E 's/[\[A-z0-9\]:\+"]+(\[0m[0-9]{4}[^\\]+)\\n/$1/g' filename

What this does is:

• sed -i -E 's/search/replace/g' filename searches for search in file filename, it replaces the match with replace, g stands for global. What -i and -E do can be found out by typing man sed in your terminal: -i replaces in place, means in the same file; -E stands for using extended regex.
• [\[A-z0-9\]:\+"]+ matches any character, any number, [, ], :, + and ". It will stop when the next regex part is encountered.
• ([^\\]+) groups anything that isn't a backslash, but we must use (\[0m[0-9]{4}[^\\]+) because the previous regex part must know that it has to stop when it encounters "[0m2017". This regex will stop before \n.
• $1 is the variable that holds matching from first group (we only have one group, but if there were more they would be stored in $1, $2, $3, etc. by the order they occur). So the whole input string will be replaced by what we captured in first group.