Regex 如何通过正则表达式从日志(splunk)中获取端口号?
如何通过正则表达式从日志(Splunk)获取端口号:Regex 如何通过正则表达式从日志(splunk)中获取端口号?,regex,splunk,Regex,Splunk,如何通过正则表达式从日志(Splunk)获取端口号: {"info":{"seqno":0,"evtType":1,"oTime":null,"links":null,"id":"9b0ae9a9-e424-11e9-a309-fd988b74a8c5","origin":null,"relations":[],"details":"","severity":5,"time":1569918148265,"headId":"9b0ae9a9-e424-11e9-a309-fd988b74a8c5
{"info":{"seqno":0,"evtType":1,"oTime":null,"links":null,"id":"9b0ae9a9-e424-11e9-a309-fd988b74a8c5","origin":null,"relations":[],"details":"","severity":5,"time":1569918148265,"headId":"9b0ae9a9-e424-11e9-a309-fd988b74a8c5","sa":2},"desc":{"alertId":{"desc":"The network port is down","label":"Link down"},"pointId":[{"desc":"Type: openflow\nIP: a.b.c.d","label":"device_name [a.b.c.d]"},{"desc":"","label":""},{"desc":"Network Interfaces","label":""},{"desc":"","label":"**eth-0-36**"}]},"id":{"alertId":"16","component":1,"pointId":["a-b-c-d","dev","1","36"]}}
端口符号可以根据设备的不同而不同:
Eth1/1.2;Eth1/2.500;eth-0-19/4;eth-0-4;Eth1/4
我尝试了
\W+(?I)Eth…(-I))\W+
但在Splunk中不起作用。要匹配不同的格式,您可以使用:
\beth\d*(?:-\d+)*(?:/\d+(?:\.\d+)?)?\b
部分地
单词边界\b
匹配eth和0+位eth\d*
重复0+次和1+位(?:-\d+)*
非捕获组(?:
匹配/\d+(?:\.\d+)
,1+位和可选的a/
和1+位
关闭非捕获组并将其设置为可选)?
单词边界\b
[Ee]th
这应该可以:
(?<=")[Ee]th.*?(?=")
(?