我正在尝试使用正则表达式来提取 Splunk 中归档的文件名,我附上了相同的文本
I am trying to use regular expression for extracting the Filename filed in Splunk,I have attached the same text
ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536&DownloadSize=79243 HTTP/1 .1" 200 3 "-" "Java/1.8.0_192"
我需要提取,提取后我需要从中提取 Thanse04
文件名=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf
(?:文件名=)(.*)(.pdf)(?:&)
解释:(?:) 是匹配但不是捕获组。在这里它匹配 'Filename= 但不捕获它。正则表达式继续捕获,直到它捕获 .pdf,然后确保它之后的下一个字符是 & 它也匹配但不捕获。
尝试Filename=%3A%5CUsers%5C(?<user>[^%]+)。
ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536&DownloadSize=79243 HTTP/1 .1" 200 3 "-" "Java/1.8.0_192"
我需要提取,提取后我需要从中提取 Thanse04 文件名=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf
(?:文件名=)(.*)(.pdf)(?:&)
解释:(?:) 是匹配但不是捕获组。在这里它匹配 'Filename= 但不捕获它。正则表达式继续捕获,直到它捕获 .pdf,然后确保它之后的下一个字符是 & 它也匹配但不捕获。
尝试Filename=%3A%5CUsers%5C(?<user>[^%]+)。