正则表达式获取匹配字符串后的单词

内容如下:

Subject:
Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
Account Name:       ChamaraKer
Account Domain:     JIC
Logon ID:       0x1fffb


Object:
Object Server:  Security
Object Type:    File
Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
Handle ID:  0x11dc

我需要捕捉这一行中 Object Name:单词后面的单词。这是 D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

我怎么能这么做?

^.*\bObject Name\b.*$匹配-对象名称

368331 次浏览
小开
最佳答案

If you are using a regex engine that doesn't support \K, the following should work for you:

[\n\r].*Object Name:\s*([^\n\r]*)

Working example

Your desired match will be in capture group 1.

[\n\r][ \t]*Object Name:[ \t]*([^\n\r]*)

Would be similar but not allow for things such as " blah Object Name: blah" and also make sure that not to capture the next line if there is no actual content after "Object Name:"

小开

You're almost there. Use the following regex (with multi-line option enabled)

\bObject Name:\s+(.*)$

The complete match would be

Object Name:   D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

while the captured group one would contain

D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

If you want to capture the file path directly use

(?m)(?<=\bObject Name:).*$
小开

Here's a quick Perl script to get what you need. It needs some whitespace chomping.

#!/bin/perl


$sample = <<END;
Subject:
Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
Account Name:       ChamaraKer
Account Domain:     JIC
Logon ID:       0x1fffb


Object:
Object Server:  Security
Object Type:    File
Object Name:    D:\\ApacheTomcat\\apache-tomcat-6.0.36\\logs\\localhost.2013- 07-01.log
Handle ID:  0x11dc
END


my @sample_lines = split /\n/, $sample;
my $path;


foreach my $line (@sample_lines) {
($path) = $line =~ m/Object Name:([^s]+)/g;
if($path) {
print $path . "\n";
}
}
小开

But I need the match result to be ... not in a match group...

For what you are trying to do, this should work. \K resets the starting point of the match.

\bObject Name:\s+\K\S+

You can do the same for getting your Security ID matches.

\bSecurity ID:\s+\K\S+
小开

This might work out for you depending on which language you are using:

(?<=Object Name:).*

It's a positive lookbehind assertion. More information could be found here.

It won't work with JavaScript though. In your comment I read that you're using it for logstash. If you are using GROK parsing for logstash then it would work. You can verify it yourself here:

https://grokdebug.herokuapp.com/

Enter image description here

小开

This is a Python solution.

import re


line ="""Subject:
Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
Account Name:       ChamaraKer
Account Domain:     JIC
Logon ID:       0x1fffb


Object:
Object Server:  Security
Object Type:    File
Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
Handle ID:  0x11dc"""






regex = (r'Object Name:\s+(.*)')
match1= re.findall(regex,line)
print (match1)


*** Remote Interpreter Reinitialized  ***
>>>
['D:\\ApacheTomcat\x07pache-tomcat-6.0.36\\logs\\localhost.2013-07-01.log']
>>>

提交答案