How do I Build a Regex Expression to Find String - regex

I've been studying content on the regex topic, but am having trouble understanding how to make it work! I need to build a regex to locate a particular string, potentially in multiple places throughout numerous log files. If I were keying the search expression into a text editor, it would look like this...
*Failed to Install*
Following is a typical example of a line containing the string I would like to search for (exit code # will vary)
!!! Failed to install, with exit code 1603
I would really appreciate any help on how to build the regex for this. I suspect I might need the end of line character too?
I plan on using it in a variation of the script that was provided by https://stackoverflow.com/users/3142139/m-hassan in the following thread
Use PowerShell to Quickly Search Files for Regex and Output to CSV
I'm a newbie to powershell scripts, but I'd rather spend the time to figure this out, than pour over hundreds of log files!
Thanks,
Jim

You're in luck - You only require very simple regex for this. Assuming you want to capture the error code, this will work fine:
^.*Failed to install.*(exit code \d+)$
Try it online!
If you don't care about the error code, and just want to know if it failed or not, you can honestly get away with something as simple as:
^.*Failed to install.*$
Hope this helps.

Related

How can I use RegEx in Source Graph properly?

I have virtually no knowledge of how to use Source Graph but I do know what Source Graph is and what RegEx is and its application across platforms. I am trying to learn how to better search for strings, variables, etc. in Source Graph so I can solve coding issues at work. I am not a coder/programmer/engineer but I have some general knowledge of programming in C and Python and using Query Languages.
I have gone to Source Graph's instructional page about RegEx but I honestly have a hard time understanding it.
Example:
I am trying to find "Delete %(folder_name)s and %(num_folders)s other folder from your ..." without the actual quotes and ellipses.
That is how I receive the code at work but this apparently is not how it is represented in Source Graph in its source file.
If I copy and paste that above line into Source Graph, I get no returns.
Here is what I found how the source file actually looks like in Source Graph:
"Delete \u201c%(folder_name)s\u201d and %(num_folders)s other folder from your ..." , again without actual quotes and ellipses.
I would have no idea that the \u201c and \201d were there in the original code. Is there a way around this?
What I usually have to work with and figure out how to find in Source Graph are singular variables or strings:
%(num_folders)s
This is a problem because the fewer items I have for searching, the harder it is to hunt down their source. I don't know who the author/engineer is until I find the code in Source Graph and check the blame feature (sadly it's a little disorganized at my work).
Sorry if this doesn't make any sense. This is my very first Stack Overflow post.
I can't the snippet you mentioned on sourcegraph.com, so I assume you are hosting Sourcegraph yourself.
In general, you could search for a term like Delete \u201c%(folder_name)s without turning on regular expressions to get literal matches. If you want to convert this into a regular expression, you would need to escape it like this:
Delete \\u201c%\(folder_name\)s
If %(folder_name) is meant to be a placeholder for any other expression, try this one instead:
Delete .*s and .*s other folder from your
https://regex101.com/ is my personal recommendation for learning more about how regular expressions work.

VSCode Snippets: Format File Name from my_file_name to MyFileName

I am creating custom snippets for flutter/dart. My goal is to pull the file name (TM_FILENAME_BASE) remove all of the underscores and convert it to PascalCase (or camelCase).
Here is a link to what I have learned so far regarding regex and vscode's snippets.
https://code.visualstudio.com/docs/editor/userdefinedsnippets
I have been able to remove the underscores nicely with the following code
${TM_FILENAME_BASE/[\\_]/ /}
I can even make it all caps
${TM_FILENAME_BASE/(.*)/${1:/upcase}/}
However, it seems that I cannot do two steps at a time. I am not familiar with regex, this is just me fiddling around with this for the last couple of days.
If anyone could help out a fellow programmer just trying make coding simpler, it would be really appreciated!
I expect the output of "my_file_name" to be "MyFileName".
It's as easy as that: ${TM_FILENAME_BASE/(.*)/${1:/pascalcase}/}
For the camelCase version you mentioned, you can use:
${TM_FILENAME_BASE/(.*)/${1:/camelcase}/}

How to I make gerrit query that spans across few specific projects?

I tried for few hours to find the right syntax for making a regex query that returns reviews from 2-3 different projects but I failed and decided to crowdsource the task ;)
The search is documented at https://review.openstack.org/Documentation/user-search.html and mentions possible use of REGEX,... but it just didn't work.
Task: return all CRs from openstack-infra/gerritlib and openstack-infra/git-review projects from https://review.openstack.org
Doing it for one project works well project:openstack-infra/gerritlib
Ideally I would like to look for somethign like ^openstack-infra\/(gerritlib|git-review), or at least this is the standard regex syntax.
Still, I found impossible to use parentheses so far, every time I used them it stopped it from returning any results.
1) You don't need to escape the "/" character.
2) You need to use double quotes to make the parentheses work.
So the following search should work for you:
project:"^openstack-infra/(gerritlib|git-review)"

Notepad++ Find/Replace Wildcard problems

Hopefully this is simple because I can't seem to figure it out.
I have a game that outputs a log with information I'd like to review, but it's bogged with tags.
<color=#9B9B9BFF>abndnd_b9o66v</color>.<color=#1EFF00FF>out_ys0a67</color>
<color=#9B9B9BFF>uknown_ospiw8</color>.<color=#1EFF00FF>p_vyuxzb</color>
<color=#9B9B9BFF>anonymous_yzgoqq</color>.<color=#1EFF00FF>pub_info_o1rotu</color>
<color=#9B9B9BFF>unidentified_t7stef</color>.<color=#1EFF00FF>out_gems04</color>
<color=#9B9B9BFF>abndnd_5vs06o</color>.<color=#1EFF00FF>public_7gshh2</color>
<color=#9B9B9BFF>anon_7kq2k4</color>.<color=#1EFF00FF>pub_wxn46t</color>
<color=#9B9B9BFF>anon_i83kkg</color>.<color=#1EFF00FF>info_ev39gs</color>
I can simply filter it by hand, but I know a regex may be able to help, I just can't seem to figure out the syntax correctly and how to trim the tags without tampering with the needed text
and my end result I'm trying to get is this:
abndnd_b9o66v.out_ys0a67
uknown_ospiw8.p_vyuxzb
anonymous_yzgoqq.pub_info_o1rotu
unidentified_t7stef.out_gems04
abndnd_5vs06o.public_7gshh2
anon_7kq2k4.pub_wxn46t
anon_i83kkg.info_ev39gs
Try this:
<color=.*?>(.*?)</color>\.<color=.*?>(.*?)</color>
Replace by this:
\1\.\2

Are my regex just wrong or is there a buggy behaviour in td-agent's format behaviour?

I am using fluentd, elasticsearch and kibana to organize logs. Unfortunately, these logs are not written using any standard like apache, so I had to come up with the regex for the format myself. I used this site here to verify that they are working: http://fluentular.herokuapp.com/ .
The logs have roughly this format here:
DEBUG: 24.04.2014 16:00:00 [SingleActivityStrategy] Start Activitiy 'barbecue' zu verabeiten.
the format regex I am using is as follows:
format /(?<pri>([INFO]|[DEBUG]|[ERROR])+)...(?<date>(\d{2}\.\d{2}\.\d{4})).(?<time>(\d{2}:\d{2}:\d{2})).\[(?<subject>(.*))\].(?<msg>(.*))/
Now, judging by that website that is supposed to test specifically fluentd's behaviour with regexes, the output SHOULD be this one:
Record
Key Value
pri DEBUG
date 24.04.2014
subject SingleActivityStrategy
msg Start Activitiy 'barbecue' zu verabeiten.
Instead though, I have this ?bug? that pri is always shortened to DEBU. Same for ERROR which becomes ERRO, only INFO stays INFO. I am not very experienced with regular expressions and I find it hard to believe that this is a bug, still it confuses me and any help is greatly appreciated.
I'm not sure I can link the complete config file because I dont personally own these log files and I am trying to keep it on a level that my boss won't get mad at me for posting sensitive information, but should it definately be needed, I will post them later on after having asked him how much I can reveal.
In general, the logs always look roughly like this:
First the priority, which is either DEBUG, ERROR or INFO, next the date , next what we call the subject which is always written in [ ] and finally just a message.
Here is a link to fluentular with the format I am using and a teststring that produces the right result in fluentular, but not in my config file:
Fluentular
Sorry I couldn't make it work like a regular link to just click on.
Another link to test out regex with my format and test string is this one:
http://rubular.com/r/dfXOkQYNXP
tl;dr version:
my td-agent format regex cuts off the last letter, although fluentular says it shouldn't. My fault or a bug?
How the regex would look if you're trying to match the data specifically:
(INFO|DEBUG|ERROR)\:\s+(\d{2}\.\d{2}\.\d{4})\s(\d{2}:\d{2}:\d{2})\s\[(.*)\](.*)
In your format string, you were using . and ... for where your spaces and colon should be. I'm not to sure on why this works in Fluentular, but you should have matched the \: explicitly and each space between the values.
So you'd be looking at the following regular expression with the Fluentd fields (which are grouping names):
(?<pri>(INFO|ERROR|DEBUG))\:\s+(?<date>(\d{2}\.\d{2}\.\d{4}))\s(?<time>(\d{2}:\d{2}:\d{2}))\s\[(?<subject>(.*))\]\s(?<msg>(.*))
Meaning your td-agent.conf should look like:
<source>
type tail
path /var/log/foo/bar.log
pos_file /var/log/td-agent/foo-bar.log.pos
tag foo.bar
format /(?<pri>(INFO|ERROR|DEBUG))\:\s+(?<date>(\d{2}\.\d{2}\.\d{4}))\s(?<time>(\d{2}:\d{2}:\d{2}))\s\[(?<subject>(.*))\]\s(?<msg>(.*))/
</source>
I would also take a look into comparing Logstash vs. Fluentd. I like Logstash far more because you create Grok filters to match the type of data you want, and it makes formatting your fields much easier because you are providing an abstraction layer, but you essentially will get the same data.
And I would watch out when you're using sites like Rubular, as they are fairly particular about multi-line matching and the like. I'd suggest something like Regexr which gives immediate feedback and you can set global and multiline matching as well.