我一直在尝试与Regex一起尝试在仪表板源代码中查找所有出现的所有loadjob命令,并且一直为此而苦苦挣扎。这可行吗?
已经尝试知道loadjob savedsearch具有“ | loadjob savedsearch =” user:app:jobname“
| rex field="source" max_match=0 ".*(?:b: loadjob.*=.*:.*:(?P<jobname>))\|* .*"
源示例(被视为单行):
<form script="playground_v2.js" stylesheet="playground_v3.css">
<label>1st Line Clone</label>
<init>
<set token="PrioColor">0xfecb00</set> <set token="Prio1Color">0xe60000</set>
<set token="Prio2Color">0xa8b400</set> <set token="Prio3Color">0x9c2aa0</set>
<set token="Prio4Color">0xeb9700</set> <set token="Prio5Color">0x00b0ca</set>
</init>
<earliest>0</earliest> </search>
<search id="volume2">
<query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_Volumes" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | eval conta=if("$report$"=="raised and resolved" AND RaisedSameMonth==0,0,count) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S") | stats sum(conta) as conta by _time, Priority
</query>
</search>
<search id="time2">
<query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_Times" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S")
</query>
</search>
<search id="sla2">
<query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_SLA" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S")
</query>
</search>
</form>
<form script="playground_v2.js" stylesheet="playground_v3.css"> <label>1st Line Clone</label> <init> <set token="PrioColor">0xfecb00</set> <set token="Prio1Color">0xe60000</set> <set token="Prio2Color">0xa8b400</set> <set token="Prio3Color">0x9c2aa0</set> <set token="Prio4Color">0xeb9700</set> <set token="Prio5Color">0x00b0ca</set> </init> <earliest>0</earliest> </search> <search id="volume2"> <query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_Volumes" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | eval conta=if("$report$"=="raised and resolved" AND RaisedSameMonth==0,0,count) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S") | stats sum(conta) as conta by _time, Priority </query> </search> <search id="time2"> <query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_Times" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S") </query> </search> <search id="sla2"> <query> | loadjob savedsearch="reporting:fs_reporting:1st_Line_SLA" | search Domain=$history_domain$ | eval month=if("$report$"=="raised",RaisedMonth,ResolvedMonth) | where month>="$start_time$" AND month<="$end_time$" | eval _time=strptime(month."/01 00:00:00", "%Y/%m/%d %H:%M:%S") </query> </search> </form>
| rest /servicesNS/-/-/data/ui/views
| table Type author title eai:acl.app eai:data
| eval Type="Dashboards"
| rename author as Owner title as Name eai:acl.app as AppName eai:data as source search as source
| rex field="source" max_match=0 ".*(?:b: loadjob.*=.*:.*:(?P<jobname>))\|* .*"
我想要的是获取“ loadjob”仪表板源中的所有实例,并将其作业名称输入字段
当前我没有得到任何结果
答案 0 :(得分:1)
我对标签rest并不真正熟悉,但是根据您的问题,您似乎想将loadjob savedsearch="..."设为第0组。因此,您可以尝试以下代码:
loadjob\s*.*?=(?P<quote>['"]).*?(?P=quote)(?=\s*\|)
它还解决了savesearch后跟单引号'而不是双引号"
答案 1 :(得分:0)
基于Robo Mop的建议:
loadjob\s*.*?=(?<job>(?P<quote>\").*?(?P=quote))(?=\s*\|)
这将得到我想要的结果。非常感谢Robo Mop!