我在这里有这个示例日志文件:
LOG FILE:
Jan 1 22:54:17 drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:22 drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:23 drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:41 drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
默认分隔符是分号(;),我想分隔时间戳和“drop”,以及带有该分隔符的“drop”和“%LOGSOURCE%”。我运行了代码(见下文,它是成功的,但我没有得到我预期的结果。整个代码是插入分隔符。)
我的代码: 公共类LogParser {
List<String> temps = new ArrayList<String>();
// while loop
while (inFile1.hasNext()) {
// find next line
String token1 = inFile1.next();
temps.add(token1);
}
inFile1.close();
String[] tempsArray = temps.toArray(new String[0]);
for (String s : tempsArray) {
Pattern p = Pattern.compile("([a-zA-Z]{3}\\s\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2})(\\s)(drop)");
Matcher matcher = p.matcher(s);
while (matcher.find()) {
//System.out.println(matcher.group(0));
}
//System.out.println(s);
}
答案 0 :(得分:2)
如果您想使用正则表达式,可以使用:
([a-zA-Z]{3}\\s\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2})(\s)(drop)
作为正则表达式replaceAll,替换为$1; $3。
如果您没有在java中运行正则表达式而不需要转义\,请尝试:
([a-zA-Z]{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2})(\s)(drop)
输出:
LOG FILE:
Jan 1 22:54:17; drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:22; drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:23; drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};
Jan 1 22:54:41; drop %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-4049-9817-50584D83A245};