Reputation: 655
Matching the left and rights side side of a string using a regex
In any regex language (PCRE preferred though) is there a way to negate matching a portion of a string in the middle? I've looked at both negative/positive lookahead/behind and those seem to be able to match either the left or right sides but not both at the same time (likely I'm misunderstanding something).
Some example inputs:
a "b" c
d "e" f
Expected matches:
a c
d f
The strings either the left or right can be any character/symbol, I essentially want to discard anything inside the "", including the quotes itself.
To make this more concrete, I'm trying to parse some error logs we have in Splunk where the names of Kubernetes pods are contains within the "". Removing the unique pod names would allow me to make a distinct list of error messages affecting the system I'm trying to triage.
Upvotes: 1
Views: 420
Answers (2)
Reputation: 9916
You also can do it with sed.
...
| rex mode=sed "s/([^\\\"]+) \\\"[^\\\"]+\\\" (.*)/\1 \2/"
Upvotes: 1
Reputation: 7521
In Splunk you can make use of groups like this:
...
| rex "(?<left>.*?)\"[^\"]*\"(?<right>.*)" ```captures only the left and right parts```
| eval pod=left+right ```concatenates left and right which essentially deletes the quoted part```
| table pod ```a table of results, just for illustration```
Upvotes: 2
Related Questions
- Not able to match the regex
- Get rid of characters between two characters in Splunk
- Splunk - regex extract fields from source
- regex match between characters
- regex:how to specify and end of the capture
- Regex to extract two values from single string in Splunk
- RegEx in Splunk Search
- A regex with Splunk
- Search on particular side of a String with RegExp
- Match regex from right to left?