我希望提取特定单词后匹配的特定字符集,直到序列中出现的最后一个空格。
示例:
FAILED on portal HTTP (10.1.1.1)
FAILED on portal TELNET 0 SSH (10.1.1.1)
我希望O / P为:
HTTP
TELNET 0 SSH
目前正在使用以下RegEX并进行处理:
.+((?<=portal)[^\s]]+
如果你们中的任何人可以帮助我,将会有所帮助:)
从评论更新:
文字:
1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal TELNET 0 SSH (10.1.2.8:64940)
正则表达式:
^(\d+).* (\S+\d) ([\w\s]+) (\w* ?AUTHENTICATION:SESSION) (.+) (([\w.]+):(\d+)).*
通常,我希望从我的示例字符串中获得的组是:
#1 - 1368028793000
#2 - 10.3.1.4
#3 - CISCO X
#4 - AUTHENTICATION:SESSION
#5 - User authentication attempt FAILED on portal
#6 - TELNET 0 SSH
#7 - 10.1.2.8
#8 - 6940
答案 0 :(得分:1)
你可以试试这个:
(?<=portal\s)(.+)\s\(
请注意,您有一个缺少的右括号)和一个缺少的开口方括号[,我认为这是一个错字。并且你需要逃离标记(10.1.1.1)位开始的开始括号。
答案 1 :(得分:0)
您可以使用此正则表达式
(?<=portal).+(?=\s)
.+贪婪,所以它会匹配到最后,然后在必要时回溯......
答案 2 :(得分:0)
根据新要求全部改变。
尝试使用:
^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$
这是运行它的perl脚本:
my $re = qr/^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$/;
while(<DATA>) {
chomp;
my @l = ($_ =~ $re);
dump@l;
}
__DATA__
1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal HTTP (10.1.1.1)
1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal TELNET 0 SSH (10.1.2.8:64940)
<强>输出:
(
1368028793000,
"10.3.1.4",
"CISCO X",
"AUTHENTICATION:SESSION",
"User authentication attempt FAILED on portal",
"HTTP ",
"10.1.1.1",
undef,
)
(
1368028793000,
"10.3.1.4",
"CISCO X",
"AUTHENTICATION:SESSION",
"User authentication attempt FAILED on portal",
"TELNET 0 SSH ",
"10.1.2.8",
64940,
)
正则表达式解释:
The regular expression:
(?-imsx:^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$)
matches as follows:
NODE EXPLANATION
----------------------------------------------------------------------
(?-imsx: group, but do not capture (case-sensitive)
(with ^ and $ matching normally) (with . not
matching \n) (matching whitespace and #
normally):
----------------------------------------------------------------------
^ the beginning of the string
----------------------------------------------------------------------
( group and capture to \1:
----------------------------------------------------------------------
\d+ digits (0-9) (1 or more times (matching
the most amount possible))
----------------------------------------------------------------------
) end of \1
----------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
----------------------------------------------------------------------
( group and capture to \2:
----------------------------------------------------------------------
[\d.]+ any character of: digits (0-9), '.' (1
or more times (matching the most amount
possible))
----------------------------------------------------------------------
) end of \2
----------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
----------------------------------------------------------------------
( group and capture to \3:
----------------------------------------------------------------------
[\w\s]+? any character of: word characters (a-z,
A-Z, 0-9, _), whitespace (\n, \r, \t,
\f, and " ") (1 or more times (matching
the least amount possible))
----------------------------------------------------------------------
) end of \3
----------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
----------------------------------------------------------------------
( group and capture to \4:
----------------------------------------------------------------------
AUTHENTICATION:SES 'AUTHENTICATION:SESSION'
SION
----------------------------------------------------------------------
) end of \4
----------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
----------------------------------------------------------------------
( group and capture to \5:
----------------------------------------------------------------------
.+? any character except \n (1 or more times
(matching the least amount possible))
----------------------------------------------------------------------
portal 'portal'
----------------------------------------------------------------------
) end of \5
----------------------------------------------------------------------
\s whitespace (\n, \r, \t, \f, and " ")
----------------------------------------------------------------------
( group and capture to \6:
----------------------------------------------------------------------
.+? any character except \n (1 or more times
(matching the least amount possible))
----------------------------------------------------------------------
) end of \6
----------------------------------------------------------------------
\( '('
----------------------------------------------------------------------
( group and capture to \7:
----------------------------------------------------------------------
[\d.]+ any character of: digits (0-9), '.' (1
or more times (matching the most amount
possible))
----------------------------------------------------------------------
) end of \7
----------------------------------------------------------------------
(?: group, but do not capture (optional
(matching the most amount possible)):
----------------------------------------------------------------------
: ':'
----------------------------------------------------------------------
( group and capture to \8:
----------------------------------------------------------------------
\d+ digits (0-9) (1 or more times
(matching the most amount possible))
----------------------------------------------------------------------
) end of \8
----------------------------------------------------------------------
)? end of grouping
----------------------------------------------------------------------
\) ')'
----------------------------------------------------------------------
$ before an optional \n, and the end of the
string
----------------------------------------------------------------------
) end of grouping
----------------------------------------------------------------------