splunk regex消除最终报价_Regex_Splunk

splunk regex消除最终报价

regex

splunk regex消除最终报价,regex,splunk,Regex,Splunk,我有：我有正则表达式： Row 114005: Requester Name: "RETAIL\S2343W01$" Issued Common Name: "S2343W01.retail.fakename.com" User Principal Name: "S2343W01.retail.fakename.com" Serial Number: "4c22be0100010002d317" Certificate Template: Client Authentication - Ret

我有：

我有正则表达式：

Row 114005: Requester Name: "RETAIL\S2343W01$" Issued Common Name: "S2343W01.retail.fakename.com" User Principal Name: "S2343W01.retail.fakename.com" Serial Number: "4c22be0100010002d317" Certificate Template: Client Authentication - Retail Desktops Certificate Effective Date: 12/1/2011 10:38 AM Certificate Expiration Date: 11/30/2012 10:38 AMMaximum Row Index: 114005

如何删除最终报价？

您可以将

+？\n

替换为

[^”]+

[^”]

是一个不包含双引号的字符类。

请尝试：

cert_SN = 4c22be0100010002d317"

（？i）序列号：\s\”（？P\w+）

或者，如果需要捕获空字段：

(?i)Serial Number:\s\"(?P<cert_sn>\w+)

（？i）序列号：\s\“（？P[^\“]*）”

@akuzma:在这种情况下，它就好像值一千美元。谢谢

(?i)Serial Number:\s\"(?P<cert_sn>\w+)

(?i)Serial Number:\s\"(?P<cert_sn>[^\"]*)\"