fresh
Reputation: 93
Regex in syslog template
I try to use regex in a syslog template but it still not works. I first tried do match everthing to see if it works but it dont works. I tested my expression with a online tool and there it works. In my opinion the log message should be empty because the expression always match or? But there are always zeros in the log file.
template(name="testLogFormat" type="list")
property(name="syslogtag"
regex.type="ERE"
regex.submatch="0"
regex.expression=".*--end"
regex.nomatchmode="ZERO"
)
Upvotes: 1
Views: 3500
Answers (1)
Wiktor Stribiżew
Reputation: 626738
Your input string looks like abc[123]. So, you may fix your current config using
regex.submatch="1"
regex.expression="\[([0-9]+)]"
See the regex demo.
Here,
\[- matches a[([0-9]+)- captures into Group 1 (you access the value usingregex.submatch="1")]- a closing].
Upvotes: 1
Related Questions
- Consolidated RegEx to parse syslog data
- How to retrieve keys and values from syslogs?
- Regex Help in Parsing Syslog
- Regular Expression for SysLog RFC5424
- Syslog data parsing using RE in python
- rsyslog template - parse failure in regular expression
- Java Regular Expression for Syslog Message not working
- regular expression multiple matches
- Regexp, how to properly use OR when filtering syslog
- Conditional Regex, how to extract a subset of a match?