And now to make this more confusing... This regex works quite well:
((?<=Temperature\s)\d\d)
For an example line like this: smartd[75160]: Device: /dev/da2 [SAT],
Temperature 30 Celsius reached limit of 15 Celsius (Min/Max ??/30)
It pulls out the Temperature and uses a positive lookbehind. I have tried
multiple permutations of the example regex (?<=\d\.\d\s)\d+(?=\.)
I also attempted to write it so that I only used the lookbehind, not the
lookahead incorperating the entireity of the line preceding the intended
value like so: ((?<=root:\sda\d\s\d{1,4}\.\d\s)\d+)
This also works well with alternative testing tools but fails within
graylog2.
Is it possible that there is a character that I need to escape in a
different way within these regexs that aren't working?
I have pulled up the RegexExtractor.java code from github and I'm planning
on taking a look there to see if I can identify where things are going
wobbly. Haven't had the time yet.
On Wednesday, May 7, 2014 1:17:35 PM UTC-6, lennart wrote:
>
> Try this one: ^.+:\s.+?\s(.+?)\s
>
> On Wed, May 7, 2014 at 6:03 PM, Jarred Masterson
> <[email protected] <javascript:>> wrote:
> > To confess upfront, I am a noob with RegEx but I've made some decent
> > progress in the past few days. I have a couple of extractors working
> well
> > but I'm running into an issue with one that seems like it should work.
> >
> > First here is an example line that I am matching against:
> > root: da2 75.6 49.7 4743.9 3183.8 6 1.3 6
> >
> > This is output from FreeBSD iostat -x and I have working extractors for
> the
> > device name and the first numbered field which is read operations. I'm
> on
> > 0.20.1 and I had to pull the digits prior to the decimal place due to
> the
> > number converter not dealing with floating point numbers. I see from the
> > github commits that this has been fixed in 20.2!
> >
> > I am trying now to pull the second metric which is the write operations
> per
> > second and in this case is 75.6.
> >
> > It seems like this should work:
> > (?<=\d+\b)\d+(?=\.)
> >
> > I've also tried to move the \b around such as (?<=\d+)\b\d+(?=\.) I am
> also
> > a little confused as to if I do or do not need to enclose the whole
> thing in
> > parenthesis. My working extractors are enclosed in () but I get errors
> when
> > trying that with the above example.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "graylog2" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to [email protected] <javascript:>.
> > For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
