Mailing List Archive

This seems to work but requires to use the first submatch:

((\w*)-.*)

Cheers,
JB

Le 2022-11-30 14:04, Arild Sather via rsyslog a écrit :
> Hi,
>
> I thought I was fairly useful at regexes, until I met rsyslog. Which
> has
> me severely stumped.
> I am trying to parse a really simple string:
>
> ncy-rest01-hel.example.com
>
> to extract the "nyc" part (i.e everything in front of the '-' ). Now,
> usually I would simply use:
>
> (\w*)-.*
>
> and point at the capture group. But nope, that won't match. Fine, I
> thought. Maybe:
>
> (\w*)-(.*)
>
> And specify the first capture group. But no. Basically, the only thing
> that halfway works is:
>
> (\w*)
>
> ...but the problem is that will also match:
> nope.example.com
> without a dash in the hostname. Which it should not (and thus trigger a
> nomatch).
>
> The regex checker is not explaining what is going on, and regex101 does
> not support things like ERE or BRE, so that's no help...
>
>
> -------------------------------------------------------------------
> The information contained in this message may be CONFIDENTIAL and is
> intended for the addressee only. Any unauthorized use, dissemination of
> the
> information or copying of this message is prohibited. If you are not
> the
> addressee, please notify the sender immediately by return e-mail and
> delete
> this message.
> Thank you
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Hi,

Thanks! That works in the regex tool, but the funny thing is that in the template string, I need to specify capture group 2, not 1.
I expected "%hostname:R,ERE,1,ZERO:((\\w*)-.*)--end%" to work, but that returns the full match (i.e. "0" in the regex tool), but I need to use "%hostname:R,ERE,2,ZERO:((\\w*)-.*)--end%" instead.

AS

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of nope via rsyslog
Sent: 30 November 2022 18:50
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: nope <nope@grizzlydev.sarl>
Subject: Re: [rsyslog] Unable to figure out regex and regex checker.

[.Du mottar ikke ofte e-post fra rsyslog@lists.adiscon.com. Finn ut hvorfor dette er viktig p? https://aka.ms/LearnAboutSenderIdentification ]

This seems to work but requires to use the first submatch:

((\w*)-.*)

Cheers,
JB

Le 2022-11-30 14:04, Arild Sather via rsyslog a ?crit :
> Hi,
>
> I thought I was fairly useful at regexes, until I met rsyslog. Which
> has me severely stumped.
> I am trying to parse a really simple string:
>
> ncy-rest01-hel.example.com
>
> to extract the "nyc" part (i.e everything in front of the '-' ). Now,
> usually I would simply use:
>
> (\w*)-.*
>
> and point at the capture group. But nope, that won't match. Fine, I
> thought. Maybe:
>
> (\w*)-(.*)
>
> And specify the first capture group. But no. Basically, the only thing
> that halfway works is:
>
> (\w*)
>
> ...but the problem is that will also match:
> nope.example.com
> without a dash in the hostname. Which it should not (and thus trigger
> a nomatch).
>
> The regex checker is not explaining what is going on, and regex101
> does not support things like ERE or BRE, so that's no help...
>
>
> -------------------------------------------------------------------
> The information contained in this message may be CONFIDENTIAL and is
> intended for the addressee only. Any unauthorized use, dissemination
> of the information or copying of this message is prohibited. If you
> are not the addressee, please notify the sender immediately by return
> e-mail and delete this message.
> Thank you
> _______________________________________________
> rsyslog mailing list
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&amp;data=05%7C01%7Carisat
> %40equinor.com%7C8aeaf2e58e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591
> 957fcf05b459b0%7C0%7C0%7C638054274049130669%7CUnknown%7CTWFpbGZsb3d8ey
> JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300
> 0%7C%7C%7C&amp;sdata=EPtBMjUSCPmMW8EdkAUAX5Ui19%2FCFPWeFZEq3xMw7ZM%3D&
> amp;reserved=0
> https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.r
> syslog.com%2Fprofessional-services%2F&amp;data=05%7C01%7Carisat%40equi
> nor.com%7C8aeaf2e58e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591957fcf0
> 5b459b0%7C0%7C0%7C638054274049130669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM
> C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C
> %7C&amp;sdata=Yeyn7ZKdkoHViC7pn5lcBI%2B2lPfber%2BZViU54mM9yQc%3D&amp;r
> eserved=0 What's up with rsyslog? Follow
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwit
> ter.com%2Frgerhards&amp;data=05%7C01%7Carisat%40equinor.com%7C8aeaf2e5
> 8e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591957fcf05b459b0%7C0%7C0%7C
> 638054274049130669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo
> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=IQlO
> SjAYX3aEemjtNourHk8Y46rRtCNzCQ10jwM9cpI%3D&amp;reserved=0
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&amp;data=05%7C01%7Carisat%40equinor.com%7C8aeaf2e58e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591957fcf05b459b0%7C0%7C0%7C638054274049130669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=EPtBMjUSCPmMW8EdkAUAX5Ui19%2FCFPWeFZEq3xMw7ZM%3D&amp;reserved=0
https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F&amp;data=05%7C01%7Carisat%40equinor.com%7C8aeaf2e58e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591957fcf05b459b0%7C0%7C0%7C638054274049130669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=Yeyn7ZKdkoHViC7pn5lcBI%2B2lPfber%2BZViU54mM9yQc%3D&amp;reserved=0
What's up with rsyslog? Follow https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Frgerhards&amp;data=05%7C01%7Carisat%40equinor.com%7C8aeaf2e58e4d4cd41b1f08dad2fb4e10%7C3aa4a235b6e248d591957fcf05b459b0%7C0%7C0%7C638054274049130669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=IQlOSjAYX3aEemjtNourHk8Y46rRtCNzCQ10jwM9cpI%3D&amp;reserved=0
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.


-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorized use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete
this message.
Thank you
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.