使用正则表达式从两个不同的日志样本中提取源 IP 地址
Extract the Source IP Address from two different log samples with regex
我有一个正则表达式如下:
"id.resp_h"|"rx_hosts":(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),
我正在尝试从两个不同的日志样本中提取源 IP 地址。 "id.orig_h" 和 "tx_hosts" 是源 IP 的两个不同字段。我如何忽略语音标记和方括号?我只想提取 IP 地址
schema_id=17127524534057985804:skip_writers="":{"_path":"conn","_system_name":"hostname","_write_ts":"2020-01-12T22:09:28.853417Z","ts":"2020-01-12T22:07:14.642074Z","uid":"Cm4cbmvRjlmd2I52c","id.orig_h":"192.168.1.1","id.orig_p":xxx,"id.resp_h":"192.168.1.2","id.resp_p":xxx,"proto":"udp",
schema_id=17223896091372211545:skip_writers="":{"_path":"files","_system_name":"Hostname","_write_ts":"2020-01-12T22:09:00.016260Z","ts":"2020-01-12T22:07:14.108217Z","fuid":"FnmzOv3Fkhr8lP0qL","tx_hosts":["192.168.1.1","192.168.1.1"],"rx_hosts":["192.168.1.10"],
任何帮助将不胜感激:-)
谢谢,
JM
如果你想用正则表达式解决这个问题,试试这个:
(?:"id.resp_h"["[:]|"rx_hosts"["[:])(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})
见here
我有一个正则表达式如下:
"id.resp_h"|"rx_hosts":(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),
我正在尝试从两个不同的日志样本中提取源 IP 地址。 "id.orig_h" 和 "tx_hosts" 是源 IP 的两个不同字段。我如何忽略语音标记和方括号?我只想提取 IP 地址
schema_id=17127524534057985804:skip_writers="":{"_path":"conn","_system_name":"hostname","_write_ts":"2020-01-12T22:09:28.853417Z","ts":"2020-01-12T22:07:14.642074Z","uid":"Cm4cbmvRjlmd2I52c","id.orig_h":"192.168.1.1","id.orig_p":xxx,"id.resp_h":"192.168.1.2","id.resp_p":xxx,"proto":"udp",
schema_id=17223896091372211545:skip_writers="":{"_path":"files","_system_name":"Hostname","_write_ts":"2020-01-12T22:09:00.016260Z","ts":"2020-01-12T22:07:14.108217Z","fuid":"FnmzOv3Fkhr8lP0qL","tx_hosts":["192.168.1.1","192.168.1.1"],"rx_hosts":["192.168.1.10"],
任何帮助将不胜感激:-)
谢谢, JM
如果你想用正则表达式解决这个问题,试试这个:
(?:"id.resp_h"["[:]|"rx_hosts"["[:])(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})
见here