I need to extract the command, whatever we see in ( ) after the word CMD in the following line.
Oct 29 08:00:01 data2 crond[14368]: (root) CMD (sh -xv /home//ste-telnet.sh > /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').succ 2> /home/hari/logs/ste-telnet$(date +'%Y_%m_%d_%h_%m').err)
I need to use regular expression for this since splunk understands only that.
Try this
CMD (.*)$
This will work if the last thing on the line is a command (the column containing CMD is the last column)
This is a bit tricky. The problem is that you're having nested parentheses there. So if you use
CMD \((.*)\)
you will get a correct result in your case (the actual command will be in the match's group number 1), but that would fail as soon as you'd have more than one command (or more than one set of outermost parentheses after CMD) in your string.
Related
I am looking to replace full stops in a filename however I need to remove some and replace others.
The file names are structured like so:
A.A M12345678 SOMEWORD 20.08.2019.pdf
A.A M12345678 SOMEWORD1 SOMEWORD2 20.08.2019.pdf
I want the format to be the following:
AA M12345678 SOMEWORD 20-08-2019.pdf
AA M12345678 SOMEWORD1 SOMEWORD2 20-08-2019.pdf
So the first full stop should be removed but the full stop encountered in the date should be a hyphen (-).
I have been using command prompt but I am running into some issues as I am fairly new to regular expressions.
I have tried approaching the problem one step at a time namely by just focusing on replacing the date format.
I've tested my regex using https://regexr.com/ and it matches correctly.
[0-9]\K[.]
My understanding of the code above should match the full stops in the date.
However when I run the following command:
ren *[0-9]\K[.].pdf -
It fails to find the file.
Expected Result
AA M12345678 SOMEWORD 20-08-2019.pdf
Actual Result
The expression I use just returns this error when I use the REN command.
"The filename, directory name, or volume label syntax is incorrect."
Pretty sure you could do this in the command-line with sed as follows. Run the following command:
sed -i "s/(\d\d)\.(\d\d)\.(\d\d\d\d)/\1-\2-\3 ; s/^(.)\.(.*)/\1\2/" <YOUR_FILE>
The -i flag is for modification in place. Here, I'm running two separate search-and-replace functions on each line; the first is to match to a date, and then format it accordingly, and the second is to match your A.A metadata and format it accordigly.
More about capture groups here.
I have a few Regex expressions that I use with xVim for Xcode. Rather than repeatedly typing them out in the command bar with \<Regex>, I'd like to be able to invoke them with a custom command, like :Regex1. So I've added command Regex1 “/-\s*\(“ to my xvimrc file and restarted Xcode. When I run :Regex1 however nothing happens.
Your command wouldn't even work in original Vim. I don't know xVim, but try something along these lines:
" With cursor moving to match.
command Foo /foo/
" Just updating the search pattern (but less likely to be portable to xVim).
command Foo let #/ = 'foo'
If none of that works; try defining a mapping instead. As this is just translating keys, it has the highest chance of being supported.
I would suggest using this PERL Regex plugin since it already does what you want.
https://github.com/othree/eregex.vim
Abbreviations ...
I understand you often use the same regex. You can use abreviations instead of a command to do a search.
ab re -\s*(
then type / + re + space and your long regex (here just "-\s*(" should expand).
... Not user defined command
User defined commands are not available in ed nor in vi nor in vim without the +eval compilation flag (:h user-commands and scroll one line up).
For a list of ex commands: http://www.csb.yale.edu/userguides/wordprocess/vi-summary.html
For a list of ed commands: http://pubs.opengroup.org/onlinepubs/7908799/xcu/ed.html
This command
%s#^#/*
and this command
%s#$#*/
works fine in vi editor on ubuntu 14.04 when I execute them separately one after another.
What I need is execute them both in one line like
%s#^#/* <bar> %s#$#*/
I also tried | and ; and CR as separator and always get error 488 trailing character
In my vim 7.4 patch 769 this works very well.
:%s/foo/FOO/ | %s/bar/BAR/
It looks like you have omitted the final separator character from your substitutions. Vim doesn't know where your replacement string ends without having the terminating # chars in there. When doing a usual command of one substitution, vim treats the end of the command as the terminating separator if one is not to be found.
For instance, it works if you omit the terminator in the last substitution of the command:
:%s/foo/FOO/ | %s#bar#BAR
And finally a quick tip regarding to your subs. You can wrap a line in text with a single substitution with some basic capture group magic. Match for the whole line and use & in the replacement to reuse the matched text:
:s#.*#/* & */
I want to delete everything from start of the document upto some regex match, such as _tmm. I wrote the following custom command:
command! FilterTmm exe 'g/^_tmm\\>/,/^$/mo$' | norm /_tmm<CR> | :0,-1 d
This doesn't work as expected. But when I execute these commands directly using the command line, they work.
Do you have any alternative suggestions to accomplish this job using custom commands?
It seems that you want to remove from beginning to the line above the matched line.
/pattern could have offset option. like /pattern/{offset}, :h / for detail, for your needs, you could do (no matter where your cursor is):
ggd/_tmm/-1<cr>
EDIT
I read your question twice, it seems that you want to do it in a single command line.
Your script has problem, normal doesn't support |, that is, it must be the last command.
try this line, if it works for you:
exe 'norm gg'|/_tmm/-1|0,.d
I'm using this command below to remove the first column of a document:
%s/^[^\t]*\zs\t[^\t]*\ze//g
but it says command not found. Any idea?
Here's the quickest way to remove the first column:
Press gg to go to the first character in the document.
Hit Ctrl+V to enter visual block mode.
Hit G (that is, shift-g) to go to the end of the document
Hit x to delete the first column.
I like the block selection solution of #Peter, but if you want to use substitution you need this command:
:%s/^.//
Let's analyze why this works:
:%s exec a substitution on all the document
/^./ select the first character after the start of the line
/ and replace it with... nothing.
If I understand you correctly, this should do the job:
:%s/^[^\t]//
The command removes all leading characters that are not a tabulator.
Alternatively, if you're editing a tabulator separated values document and want to remove all "columns" before the first tabulator, then this should do it for you:
%s/^[^\t]*\t//
The below command worked for me:
:%s/^\w*//