I have source below:
/prod/app/atm/ATMCHKMI1a/logs/catalina.out
/prod/app/atm/ATMCHKMI2a/logs/catalina.out
/prod/app/atm/ATMFOTN1a/logs/catalina.out
/prod/app/atm/ATMFITNA2a/logs/catalina.out
/prod/app/atm/ATMATMASS1a/logs/catalina.out
/prod/app/atm/ATMATMASS2a/logs/catalina.out
I want the source to display only as an Atmchk1a for first and so on and not the entire path.
How to do it?
I think rex with capture groups would enable you to get the name and site efficiently:
| makeresults | eval source="/prod/app/atm/ATMCHKMI1a/logs/catalina.out"
| append [| makeresults | eval source="/prod/app/atm/ATMCHKMI2a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMFOTN1a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMFITNA2a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMATMASS1a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMATMASS2a/logs/catalina.out"]
| rex field=source "^/([^/]+/){3}(?<name>[^/]+(?<site>[0-9]+)[^/]+?)/"
| eval site="site ".site
| table name site <other fields>
The regex looks for three path components before the extracted name
, with site
extracted as the last digits of the name.
I think rex with capture groups would enable you to get the name and site efficiently:
| makeresults | eval source="/prod/app/atm/ATMCHKMI1a/logs/catalina.out"
| append [| makeresults | eval source="/prod/app/atm/ATMCHKMI2a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMFOTN1a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMFITNA2a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMATMASS1a/logs/catalina.out"]
| append [| makeresults | eval source="/prod/app/atm/ATMATMASS2a/logs/catalina.out"]
| rex field=source "^/([^/]+/){3}(?<name>[^/]+(?<site>[0-9]+)[^/]+?)/"
| eval site="site ".site
| table name site <other fields>
The regex looks for three path components before the extracted name
, with site
extracted as the last digits of the name.
Hi Micahkemp,
It did not work,
We now have got the source as below from the full path which I wanted.
ATMatmasst1a
ATMatmasst2a
ATMatmasstportal1a
ATMcdprof1a
ATMcdprof2a
ATMchkimg1a
ATMchkimg2a
ATMchkimgclt1prod
ATMciv1a
ATMcmprspclt1prod
ATMcrdreissueclt1prod
ATMcusprof1a
ATMcusprof2a
ATMdepositjamclt1prod
ATMelgbacctflnkg1a
ATMelgbacctflnkg2a
ATMercpt1a
But now I want a table which which shows in a below manner
where
ATMcusprof2a is site 2
ATMelgbacctflnkg1a is site 1
and so on.....
Changed it to add the word "site" to the site
field, and added in a table command.
Thanks Micahkemp, appreciated your help.
HI Micahkemp,
Can you please tell me good sites from where I can learn regex?
@abhi04,
https://regexone.com/
is also good site to start regex learning
https://regex101.com/ is a great site to test regexes. As for learning them, I'd have to defer to google on that one, as I don't have a recommendation handy.
You can use rex in sed mode:
<base search>|rex field=source mode=sed "s/^\/[^\/]+\/[^\/]+\/[^\/]+\/(\w+).*/\1/"
OR simply use rex command:
<base search>|rex field=source "^\/[^\/]+\/[^\/]+\/[^\/]+\/(?<source>\w+)"
try this run anywhere search:
|makeresults|eval source="/prod/app/atm/ATMCHKMI1a/logs/catalina.out"|rex field=source mode=sed "s/^\/[^\/]+\/[^\/]+\/[^\/]+\/(\w+).*/\1/"
Thanks, It worked.
Also, if I want to separate into two site as well i.e. ATMCHKMI1a shows as site 1 and ATMCHKMI2a shows as site 2 and similarly for others. How to do that?
yes as @micahkemp suggested try this regex to get separate site name w.r.t. source name,
| rex field=source "^/([^/]+/){3}(?<source>[^/]+(?<site>[0-9]+)[^/]+?)/"