我正在研究一个正则表达式,以从具有固定宽度间距的大型机日志行中提取确切字符(...正则表达式不是我的强项,顺便说一句)。
我想提取出状态字段的字段值,状态字段是包含以下示例事件中显示的SUCCESSFUL AUDIT、LOGON COMPLETE 和FINAL FAILED AUDIT值的固定长度字段。
这个固定长度的字段有很多值,所以我无法像我尝试的那样真正提取出文字字符串值。
相反,我想提取从事件位置 54 开始的任何字符,长度正好是 18 个字符。
有关正则表达式或方法等的任何帮助或想法将不胜感激。
528 LOGON 39690 SECURITY LAPTOP 8481 USER AB11 SUCCESSFUL AUDIT BBB908AFB 06/20/12 09:11:43PM
528 LOGON 39692 SECURITY LAPTOP 8495 USER AB11 LOGON COMPLETE BBB908AFB 06/20/12 09:12:12PM
528 LOGOFF 39699 SECURITY DESKTOP 4476 USER ABEQ FINAL FAILED AUDITAADAFCC01 06/20/12 09:55:49PM
- 正则表达式是这个简单问题的复杂解决方案。
- 由于所需输出的输入格式和偏移量是固定的,因此只需逐行读取输入,并且做一些次要的字符串处理。
-
如果仍然需要正则表达式,这是一个起点(尽管在您自己的输入数字中,54 和 18 与您想要的答案不匹配,所以我尝试使用 47 和 16 代替,您可以根据需要修改):
(?<=[a-zA-Z0-9 ]{47})([a-zA-Z0-9 ]{16})
http://regexr.com?328dm
考虑以下通用正则表达式的Powershell示例。
.{53}(.{18})
例
$Matches = @()
$String = '528 LOGON 39690 SECURITY LAPTOP 8481 USER AB11 SUCCESSFUL AUDIT BBB908AFB 06/20/12 09:11:43PM
528 LOGON 39692 SECURITY LAPTOP 8495 USER AB11 LOGON COMPLETE BBB908AFB 06/20/12 09:12:12PM
528 LOGOFF 39699 SECURITY DESKTOP 4476 USER ABEQ FINAL FAILED AUDITAADAFCC01 06/20/12 09:55:49PM
528 LOGON 39690 SECURITY LAPTOP 8481 USER AB11 REMEBER TO VOTE BBB908AFB 06/20/12 09:11:43PM'
Write-Host start with
write-host $String
Write-Host
Write-Host found
([regex]'.{53}(.{18})').matches($String) | foreach {
write-host "key at $($_.Groups[1].Index) = '$($_.Groups[1].Value)'"
} # next match
收益 率
start with
528 LOGON 39690 SECURITY LAPTOP 8481 USER AB11 SUCCESSFUL AUDIT BBB908AFB 06/20/12 09:11:43PM
528 LOGON 39692 SECURITY LAPTOP 8495 USER AB11 LOGON COMPLETE BBB908AFB 06/20/12 09:12:12PM
528 LOGOFF 39699 SECURITY DESKTOP 4476 USER ABEQ FINAL FAILED AUDITAADAFCC01 06/20/12 09:55:49PM
528 LOGON 39690 SECURITY LAPTOP 8481 USER AB11 REMEBER TO VOTE BBB908AFB 06/20/12 09:11:43PM
found
key at 53 = 'SUCCESSFUL AUDIT '
key at 159 = 'LOGON COMPLETE '
key at 265 = 'FINAL FAILED AUDIT'
key at 367 = 'REMEBER TO VOTE '
总结
-
.{53}跳过前 53 个字符(请注意,字符串中的第一个位置为零) -
(.{18})查找并返回 18 个字符宽的字段