splunk regex eliminate final quote - regex

I have:
Row 114005: Requester Name: "RETAIL\S2343W01$" Issued Common Name: "S2343W01.retail.fakename.com" User Principal Name: "S2343W01.retail.fakename.com" Serial Number: "4c22be0100010002d317" Certificate Template: Client Authentication - Retail Desktops Certificate Effective Date: 12/1/2011 10:38 AM Certificate Expiration Date: 11/30/2012 10:38 AMMaximum Row Index: 114005
And I have regex:
(?i)Serial Number: “(?P<cert_SN>.+?\n)
Result is like:
cert_SN = 4c22be0100010002d317"
How can I eliminate the final quote?

Try:
(?i)Serial Number:\s\"(?P<cert_sn>\w+)
Or, if you need to capture empty fields:
(?i)Serial Number:\s\"(?P<cert_sn>[^\"]*)\"

you can replace .+?\n by [^"]+
[^"] is a character class that doesn't contain the double quote.
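The patterns from this thread compared side by side, as an added example that is not part of the original posts. It uses Python's `re` instead of Splunk, writes the question's pattern with a straight quote, and assumes the raw event has one field per line; both sample events are constructed.

```python
import re

# Constructed event based on the question's row, one field per line (assumption).
EVENT = (
    'Requester Name: "RETAIL\\S2343W01$"\n'
    'Serial Number: "4c22be0100010002d317"\n'
    'Certificate Template: Client Authentication - Retail Desktops\n'
)
# Constructed event with an empty serial number.
EMPTY_EVENT = 'Requester Name: "RETAIL\\S2343W01$"\nSerial Number: ""\n'

PATTERNS = {
    # Question: the lazy match only stops at the newline, so the quote is kept.
    "lazy_to_newline": r'(?i)Serial Number: "(?P<cert_sn>.+?\n)',
    # First answer: word characters only, so the match ends before the quote.
    "word_chars": r'(?i)Serial Number:\s"(?P<cert_sn>\w+)',
    # Negated class: anything except a quote, with the closing quote required.
    "negated_class": r'(?i)Serial Number:\s"(?P<cert_sn>[^"]*)"',
}

def extract(pattern_name, event):
    """Return the cert_sn capture for the named pattern, or None on no match."""
    m = re.search(PATTERNS[pattern_name], event)
    return m.group("cert_sn") if m else None

if __name__ == "__main__":
    for name in PATTERNS:
        print(name, repr(extract(name, EVENT)), repr(extract(name, EMPTY_EVENT)))
```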

Related

Regex : Its possible to do submatching in regex?

I created this regex to parse a MongoDB URL as follows:
/mongodb://((?'username'\w+):(?'password'\w+)#)?(?'hosts'\w[,\w]*)(/(?'defaultdb'[\w.]+))?(\?(?'options'.*$))?$/m
I did some tests in regex101 with it, and I want to know if it's possible to parse the ',' (commas) in the hosts group to result in an array, and similarly do this in the options group with the '&' separator.
My intention is to iterate over the regex result and use the matched groups with their results in one way, without needing to split by separator.
Expected example:
mongodb://user:password#host,host2,host3,host4/databasename?options=1&options=2
group user: user
group password: password
group hosts: host
group hosts: host2
group hosts: host3
group hosts: host4
group defaultdb: databasename
group options: options=1
group options: options=2
A possible work around to have all your data in the right order:
let str = 'mongodb://user:password#host,host2,host3,host4/databasename?options=1&options=2'
// substring(10) to avoid 'mongodb://'
console.log(str.substring(10).split(/[:#,/&?]/))
Edit: I saw before your edit that you are on Node, so another solution is:
let str = 'mongodb://user:password#host,host2,host3,host4/databasename?options=1&options=2'
let regex = /mongodb:\/\/(?<username>\w+):(?<password>\w+)#(?<hosts>[,\w]*)\/(?<defaultdb>[\w\.]+)?\?(?<options>.*$)?$/

// Store each item of a split group as its own numbered key (host_0, host_1, ...)
function splitGroup(group, items)
{
    items.forEach(function (item, index) {
        res.groups[group+'_'+index] = item
    });
}

let res = regex.exec(str)
// Turn the comma- and ampersand-separated captures into arrays
res.groups.hosts = res.groups.hosts.split(',')
res.groups.options = res.groups.options.split('&')
splitGroup('host', res.groups.hosts)
splitGroup('option', res.groups.options)
// Drop the original combined groups
delete res.groups.hosts
delete res.groups.options
console.log(Object.keys(res.groups).filter(v => v.startsWith('host')))
// [ 'host_0', 'host_1', 'host_2', 'host_3' ]
console.log(Object.keys(res.groups).filter(v => v.startsWith('option')))
// [ 'option_0', 'option_1' ]

How to Insert a new string into telegraf.conf's inputs.ping using ansible regexp

I'm trying to use ansible to update telegraf.conf's [[inputs.ping]].
telegraf.conf looks like the following:
[[inputs.ping]]
urls = ["tac-temp1","tac-temp2", "tac-temp3","tac-temp4"] #tac
count = 30
timeout = 15.0
[inputs.ping.tags]
name = "tac"
[[inputs.ping]]
urls = ["prod-temp1","prod-temp2", "prod-temp3","prod-temp4"] #prod
count = 30
timeout = 15.0
[inputs.ping.tags]
name = "prod"
[[inputs.ping]]
urls = ["test-temp1","test-temp2", "test-temp3","test-temp4"] #test
count = 30
timeout = 15.0
[inputs.ping.tags]
name = "test"
I'm trying to add ,"tac-temp10" after ,"tac-temp4" in line 2 shown above.
- hosts: Servers
  become: yes
  become_method: sudo
  tasks:
    - name: Loading telegraf.conf content for search
      shell: cat /tmp/telegraf.conf
      register: tele_lookup
    - name: Adding Server to /tmp/telegraf.conf if does not exists
      lineinfile:
        path: /tmp/telegraf.conf
        state: present
        regexp: '^((.*)"] #tac$)'
        line: ',"tac-temp10"'
        backup: yes
      when: tele_lookup.stdout.find('tac-temp10') != '0'
regexp: '^((.*)"] #tac$)' is replacing the whole line with ,"tac-temp10". Expected output:
[[inputs.ping]]
urls = ["tac-temp1","tac-temp2", "tac-temp3","tac-temp4","tac-temp10"] #tac
count = 30
timeout = 15.0
[inputs.ping.tags]
name = "tac"
Warning: Ugly regexp ahead. Beware of unpredictable understanding for next guys (including you after time passed by...) doing maintenance.
The following will add your server at the end of the list if it is not already present (anywhere in the list) with a single idempotent task.
- name: add our server if needed
  lineinfile:
    path: /tmp/test.conf
    backup: yes
    state: present
    regexp: '^( *urls *= *\[)(("(?!tac-temp10)([a-zA-Z0-9_-]*)",? *)*)(\] #tac)$'
    backrefs: yes
    line: '\1\2, "tac-temp10"\5'
You need to use backreferences to put back on the line the already matched parts of the expression. I used backup: yes so I could easily come back to the original for my tests. Feel free to drop it.
As you can see (and as advised in my warning) this is pretty much impossible to understand for anyone having to quickly read the code. If you have to do anything more fancy/complicated, consider using a template and storing your server list in a variable somewhere.
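A way to check the answer's regexp and its idempotency outside Ansible, as an added example that is not part of the original post. `lineinfile_backrefs` is a hypothetical, simplified model of `lineinfile` with `backrefs: yes` (last matching line replaced, no match means no change), and the config excerpt is constructed from the question.

```python
import re

# Regexp and replacement line exactly as given in the answer above.
REGEXP = r'^( *urls *= *\[)(("(?!tac-temp10)([a-zA-Z0-9_-]*)",? *)*)(\] #tac)$'
LINE = r'\1\2, "tac-temp10"\5'

# Constructed excerpt of the telegraf.conf from the question.
CONF = '''[[inputs.ping]]
urls = ["tac-temp1","tac-temp2", "tac-temp3","tac-temp4"] #tac
count = 30
[[inputs.ping]]
urls = ["prod-temp1","prod-temp2", "prod-temp3","prod-temp4"] #prod
count = 30
'''

def lineinfile_backrefs(text, regexp, line):
    """Simplified model of lineinfile with backrefs: yes (an assumption).

    The last line matching regexp is replaced by the expanded template;
    with no match the text is returned unchanged. Returns (text, changed).
    """
    pattern = re.compile(regexp)
    lines = text.splitlines()
    hit = None
    for i, cur in enumerate(lines):
        m = pattern.search(cur)
        if m:
            hit = (i, m)
    if hit is None:
        return text, False
    i, m = hit
    new = m.expand(line)
    changed = new != lines[i]
    lines[i] = new
    return "\n".join(lines) + "\n", changed

def naive_replace(text):
    """The question's regexp without backrefs: the whole line is replaced."""
    return re.sub(r'(?m)^((.*)"] #tac$)', ',"tac-temp10"', text)

if __name__ == "__main__":
    once, changed = lineinfile_backrefs(CONF, REGEXP, LINE)
    print(once, changed, lineinfile_backrefs(once, REGEXP, LINE)[1])
```

The second run reports no change because the negative lookahead refuses any list that already contains the entry, which is what makes the single task idempotent.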

How to use greedy regexes on Curator filter?

I have set up Curator to delete old Elasticsearch indexes via this filter:
(...)
    filters:
    - filtertype: pattern
      kind: regex
      value: '^xyz-us-(prod|preprod)-(.*)-'
      exclude:
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 7
      exclude:
(...)
However, I realized that Curator uses non-greedy regexes, because this filter catches the index xyz-us-prod-foo-2018.10.11 but not xyz-us-prod-foo-bar-2018.10.11.
How can I modify the filter to catch both indexes?
The answer I gave at https://discuss.elastic.co/t/use-greedy-regexes-in-curator-filter/154200 is still good, though you somehow weren't able to get the results I posted there. Anchoring the end and specifying the date regex worked for me: '^xyz-us-(prod|preprod)-.*-\d{4}\.\d{2}\.\d{2}$'
I created these indices:
PUT xyz-us-prod-foo-2018.10.11
PUT xyz-us-prod-foo-bar-2018.10.11
PUT xyz-us-preprod-foo-2018.10.12
PUT xyz-us-preprod-foo-bar-2018.10.12
And ran with this config:
---
actions:
  1:
    action: delete_indices
    filters:
    - filtertype: pattern
      kind: regex
      value: '^xyz-us-(prod|preprod)-.*-\d{4}\.\d{2}\.\d{2}$'
      exclude:
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 7
The results are fully matched:
2018-10-29 20:08:28,120 INFO curator.utils show_dry_run:928 DRY-RUN: delete_indices: xyz-us-preprod-foo-2018.10.12 with arguments: {}
2018-10-29 20:08:28,120 INFO curator.utils show_dry_run:928 DRY-RUN: delete_indices: xyz-us-preprod-foo-bar-2018.10.12 with arguments: {}
2018-10-29 20:08:28,120 INFO curator.utils show_dry_run:928 DRY-RUN: delete_indices: xyz-us-prod-foo-2018.10.11 with arguments: {}
2018-10-29 20:08:28,120 INFO curator.utils show_dry_run:928 DRY-RUN: delete_indices: xyz-us-prod-foo-bar-2018.10.11 with arguments: {}
Curator's implementation of the Regex engine is using the U (Ungreedy) flag.
Ungreedy regexes make star quantifiers lazy by default, adding a "?" modifier under the Ungreedy option would turn it back to Greedy.
Try adding a '?' after the '.*' in your regex
'^xyz-us-(prod|preprod)-(.*?)-'

Rows in a group remove

I'm using the replace module of Ansible (http://docs.ansible.com/ansible/replace_module.html).
My file is:
...
net route-domain /Common/0 {
    id 0
    vlans {
        /thisrow/AAAA_yyyyy
        /Common/http-tunnel
        /Common/socks-tunnel
        /Common/BIGIP-HA
        /thisrow/AAAA_xxxxx
    }
}
...
I need to remove all rows containing /thisrow/ inside vlans.
I'm using this regex: (^ vlans )(?P<vlanrow>){([^}]*)}{0}.*vasgk.*\n but I don't know how to remove ALL thisrow from vlanrow group
Thanks,
Riccardo
This is not a dupl. Ansible is not the problem. The problem is the regular expression matching just 1 time thisrow. Try it on https://regex101.com/r/n3rRsl/1
I've come up with the following playbook, using a slightly modified version of your regexp and the sample data from regex101 you provided.
playbook.yml
- hosts: localhost
  tasks:
    - replace:
        dest: /home/user/config.conf
        regexp: '(^ vlans )(?P<vlanrow>){([^}]*)}{0}(\s{8}/vasgk.*)\n'
        replace: '\1\2{\3'
      register: result
      until: result.changed == False
      retries: 4094 # you can't have more vlans!
This is the result:
net route-domain /Common/0 {
    id 0
    vlans {
        /Common/http-tunnel
        /Common/socks-tunnel
        /Common/BIGIP-HA
    }
}
It seems to be quite slow though, but should give you an idea. Hope that helps!
Edit:
changed
(^ vlans )(?P<vlanrow>){([^}]*)}{0}(.*/vasgk.*)\n
to (^ vlans )(?P<vlanrow>){([^}]*)}{0}(\s{8}/vasgk.*)\n, this fixed problems with spacing.

Extract username from forward slash separated text

I need to extract a username from the log below via regex for a log collector.
Due to the nature of the logs we're getting, it's not possible to define exactly how many forward slashes are going to be available, and I need to select a specific piece of data, as there are multiple occurrences of similarly formatted data.
Required data:
name="performedby" label="Performed By" value="blah.com/blah/blah blah/blah/**USERNAME**"|
<46>Jun 23 10:38:49 10.51.200.76 25113 LOGbinder EX|3.1|success|2016-06-23T10:38:49.0000000-05:00|Add-MailboxPermission Exchange cmdlet issued|name="occurred" label="Occurred" value="6/23/2016 10:38:49 AM"|name="cmdlet" label="Cmdlet" value="Add-MailboxPermission"|name="performedby" label="Performed By" value="blah.com/blah/blah blah/blah/USERNAME"|name="succeeded" label="Succeeded" value="Yes"|name="error" label="Error" value="None"|name="originatingserver label="Originating Server" value="black"|name="objectmodified" label="Object Modified" value="blah/blah/USERNAME"|name="parameters" label="Parameters" value="Name: Identity, Value: [blah]Name: User, Value: [blah/blah]Name AccessRights, Value: [FullAccess]Name: InheritanceType, Value: [All]"|name="properties" label="Modified Properties" value="n/a"|name="additionalinfo" label="Additional Information"
I've tried a few different regex commands but I'm not able to extract the necessary information without exactly stating how many / there will be.
blah\.com[.*\/](.*?)"\|name
Try this :
blah\.com.*\/(.*?)"\|
Check here
If your username format is this :
value="abc.xyz/something/something/..../USERNAME"
then use this :
\..*\/(.*?)"
check here
Possible solution:
value="[a-z\.\/]*\/(.*)"
(The first capture group is the username)
Working example:
https://regex101.com/r/qZ0zC8/2
Maybe like this?
blah.(\w+\/)+\K([\w]+)
It catches the username, but since it's between ** I also match them.
Tested in Notepad++.
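A field-anchored way to pull the user out of this record format, as an added example that is not part of the original answers. It anchors on `name="performedby"` so other fields with similar paths are not picked up; the record is a constructed, shortened copy of the question's line (with `OTHERUSER` substituted in `objectmodified`), and the function names are hypothetical.

```python
import re

# Constructed, shortened record in the shape of the question's log line,
# including its malformed name="originatingserver field (missing quote).
RECORD = (
    '<46>Jun 23 10:38:49 10.51.200.76 25113 LOGbinder EX|3.1|success|'
    '2016-06-23T10:38:49.0000000-05:00|Add-MailboxPermission Exchange cmdlet issued|'
    'name="cmdlet" label="Cmdlet" value="Add-MailboxPermission"|'
    'name="performedby" label="Performed By" value="blah.com/blah/blah blah/blah/USERNAME"|'
    'name="originatingserver label="Originating Server" value="black"|'
    'name="objectmodified" label="Object Modified" value="blah/blah/OTHERUSER"|'
    'name="error" label="Error" value="None"'
)

# One name/label/value triple; [^"]* keeps each part inside its own quotes.
FIELD = re.compile(r'name="(?P<name>[^"]*)" label="[^"]*" value="(?P<value>[^"]*)"')

def parse_fields(record):
    """Return {name: value} for every well-formed field in the record."""
    return {m["name"]: m["value"] for m in FIELD.finditer(record)}

def performed_by_user(record):
    """Last '/'-separated segment of the performedby value, or None."""
    value = parse_fields(record).get("performedby")
    if value is None:
        return None
    return value.rsplit("/", 1)[-1]

# Single-regex form for a collector: anchor on the field name, let the greedy
# [^"]*/ consume every segment up to the last slash, then capture the rest.
USER_RE = re.compile(r'name="performedby"[^|]*value="(?:[^"]*/)?(?P<user>[^"/]+)"')

if __name__ == "__main__":
    print(performed_by_user(RECORD), USER_RE.search(RECORD)["user"])
```

The optional `(?:[^"]*/)?` group means the number of slashes does not need to be known, and a value with no slash at all is still captured whole.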