get two ip separately

Question

my log files got two ip src-ip:132.23.35.1, dest-ip:10.23.56.1.

I 'm using regex:

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

it gets two IPs, if I want to retrieve IP address of src-ip (in this case, 132.23.35.1) how to do?

I expect to get ip of source-ip and dest-ip separately.

Can you add an example of the log file you are reading, and what the desired output should look like? — chrismclarke, Aug 26 '19 at 09:13
log file: src-ip:132.23.35.1 source port: 23 dest-ip: 10.23.56.1 dest-port: 6540 desired output:132.23.35.1 — Jolin Wong, Aug 26 '19 at 09:15
perhaps try to edit the original question to include that information, so that it is all in one place and can be formatted more easily — chrismclarke, Aug 26 '19 at 09:18
question edited as below: log file: src-ip:132.23.35.1 source port: 23 dest-ip: 10.23.56.1 dest-port: 6540 desired output:132.23.35.1, using regex \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} get both 132.23.35.1 and 10.23.56.1 — Jolin Wong, Aug 26 '19 at 09:37
you should use capture groups , also read about greedy vs non-greedy approach. that will help solve your problem. — dhanlin, Aug 26 '19 at 13:32

score 0 · Answer 1 · answered Aug 26 '19 at 11:31

0

You could try

(?<=src-ip:)(.*)(?=,)

Example output from regexr

answered Aug 26 '19 at 11:31

chrismclarke

Hi, we have another log src-ip: 132.23.35.1 dest-ip: 10.23.56.1, there are a lot of spaces between 132.23.35.1 and dest-ip, if i apply (?=dest-ip), i get 132.23.35.1 plus a lot of spaces, how to remove those space and get only ip address, thanks – Jolin Wong Aug 27 '19 at 03:31
Yes, that is why in my example I used the comma to as the end character. Is there a comma in your text file or is it a typo in the question above? The code should work with a comma, but if you only have whitespace instead you could use /(?<=src-ip:)([\S]*)/g – chrismclarke Aug 27 '19 at 08:07

1 Answers1