0

Regex - 

(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ)\s+(INFO|WARN|DEBUG|ERROR|FATAL|TRACE)\s+(.*?\s+.*?)(.*?)\-\s+(.*?)\s+(?:(\[?.*?\])?)(.*)

Logs - 

2019-11-14T04:25:00.123Z  WARN http-nio-127.0.0.1-7440-exec-127 CorfuCompileProxy - accessInner: Encountered a trim exception while accessing version 120383907 on attempt 0
2019-11-14T04:23:08.700Z  INFO RpcManagerRequestCleanupTimer RpcManager - SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Rpc response not received for application FabricStats request com.vmware.nsx.management.agg.messaging.AggService$ClientDataRequestMsg from client 8ac94189-d611-4eb3-9b93-c3c3a8e3d36a with correlation id 287e690e-0a47-4459-a0bb-be36fe439068 in 432000000 msec.
2019-11-14T04:24:04.072Z  INFO MessagingObjectFactoryImpl-4-2 ExporterLastAckServiceImpl - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Found exporter with elaId = Node#a3844284-e626-11e9-a87b-005056bcc0c6#AggSvc-L2-Bridging, returning lastAck = 16507 
2019-11-14T04:23:08.362Z  INFO ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1 
2019-11-14T04:23:08.362Z  DEBUG ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1

In the above logs, I need to make a group 8 where id's of group 7 will get included. id's are .*-.*-.*-.*-.*

link - https://regex101.com/r/LJnVrS/98

fixatd
  • 1,394
  • 1
  • 11
  • 19
Mr Voice
  • 145
  • 9
  • 1
    What are group 8 and group 7? what are the expected results? – Guy Feb 25 '20 at 11:22
  • It sounds as if you wanted a [repeated capturing group](https://stackoverflow.com/questions/9764930/capturing-repeating-subpatterns-in-python-regex). Can't you extract what you need from Group 7 with another `re.findall`? Not sure what you need, so just guessing, `re.findall(r'-([^-\s]+)', match.group(7))`? – Wiktor Stribiżew Feb 25 '20 at 11:24
  • my message group for 2nd log is Group(7) - ` Rpc response not received for application FabricStats request com.vmware.nsx.management.agg.messaging.AggService$ClientDataRequestMsg from client 8ac94189-d611-4eb3-9b93-c3c3a8e3d36a with correlation id 287e690e-0a47-4459-a0bb-be36fe439068 in 432000000 msec.` Now I need Group(8) which should have array of two id's - Group(8) - `8ac94189-d611-4eb3-9b93-c3c3a8e3d36a 287e690e-0a47-4459-a0bb-be36fe439068` – Mr Voice Feb 25 '20 at 11:30
  • There are multiple occurrences of the ids pattern in the second line. You could match them from group 7 afterwards `\b[a-f0-9]+(?:-[a-f0-9]+)+\b` – The fourth bird Feb 25 '20 at 11:32
  • @Thefourthbird using your method i get this https://regex101.com/r/LJnVrS/101 – Mr Voice Feb 25 '20 at 11:39
  • I think I meant the same as what Wiktor suggested by first getting the value from group7 and then afterwards running a re.findall using that pattern to get the occurrences you are looking for. https://regex101.com/r/WI9hFd/1 – The fourth bird Feb 25 '20 at 11:42

1 Answers1

0

Does this help?

(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d.\d\d\dZ)\s+(INFO|WARN|DEBUG|ERROR|FATAL|TRACE)\s+(.*?\s+.*?)(.*?)\-\s+(.*?)\s+(?:(\[?.*?\])?)(.*?\s+(?<id1>[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+)?\s+(\w+\s+)*(?<id2>[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+)?(\s+\w*)*)

I have made the following changes:

  1. For the id patterns, instead of .*-.*-.*-.*-.*, I have used [a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+.
  2. The id patterns are named groups - id1 and id2. So, you will need to get them by these names instead of the group numbers. This helps in that even if there is a change to the regex anywhere else, your group reference doesn't have to change. These groups will have the ids, if they are present in the log line.
  3. I have used \w+ instead of .* where applicable.

Log lines 1 and 3 do not find anything (even earlier). I have not tried to resolve that.

Note: If you are using Ruby 2+ or Perl, the id pattern may be reused as a subroutine instead of being repeated entirely. That will increase readability.

Sree Kumar
  • 2,012
  • 12
  • 9