Solved: How to extract LAT and LONG from a string?

changux · ‎02-24-2016

Hi all.

I have a field with:

Address=DG 14 KR 36 A 90 LAT:14.752811 LON:-79.543

I need to create three fields from here:

Address=DG 14 KR 36 A 90
LAT=14.752811
LON=-79.543

I know the regexes for LAT and LONG:

For LAT: (?<=LAT:)(-?\d+\.\d+)
For LON: (?<=LON:)([\d.-]+)

Address must be all the string before LAT word.

I tried to LAT and LON:

... | field="Address" "(?<LAT>.(?<=LAT:)(-?\d+\.\d+))\.(?<LON>.(?<=LON:)([\d.-]+))"

But doesn't work. Any idea? Also, I need extract the address.

javiergn · ‎02-24-2016

Hi,

My proposal that includes case insensitive checks and non-greedy evaluation:

| rex field=Address "(?i)^Address=(?<Address>.+?)\s+LAT:\s*(?<LAT>[\-\d\.]+)\s+LON:\s*(?<LON>[\-\d\.]+)\s*$"

chimell · ‎02-25-2016

Hi
try this search code

 ... |rex  field=Address   "(LAT\:(?<LAT>[^\s+]+)\s+(LON\:(?<LON>[^\s+]+)$"

javiergn · ‎02-24-2016

Hi,

My proposal that includes case insensitive checks and non-greedy evaluation:

| rex field=Address "(?i)^Address=(?<Address>.+?)\s+LAT:\s*(?<LAT>[\-\d\.]+)\s+LON:\s*(?<LON>[\-\d\.]+)\s*$"

muebel · ‎02-24-2016

Hi changux, try this regex:

^Address=(?<address>.*)\sLAT:(?<lat>.*)\sLON:(?<lon>.*)$

you can do inline field extraction after you've gotten the initial events by piping to the rex command like so:

| rex field=Address "^Address=(?<address>.*)\sLAT:(?<lat>.*)\sLON:(?<lon>.*)$"

Please let me know how this goes for you!

How to extract LAT and LONG from a string?