in reply to How do i use perl for replacing capture group content

If you want to exclude certain blocks, you need to keep track of where you are in the file:

    use Modern::Perl;

    # this is the list of sections to change
    my @sections = qw/ messages secure cron maillog /;

    # we put it in a hash for easy lookup
    my %sections = map { $_ => 1 } @sections;

    # Herein we remember where we are
    my $section;

    while ( my $line = <DATA> ) {
        # Remember the current section
        $section = $1
            if ( $line =~ m| \[ monitor:// (?: / ( [^/]+ ) )+ \] |x );

        # Change the index line if the current section
        # is one that interests us
        $line =~ s/ index = ([A-Z0-9]+) _ (np|pr) /** index=LINUX_${2}/x #<-- you can remove the indent here once you see it works
            if defined $sections{ $section };

        print $line;
    }

    __DATA__
    [monitor:///var/log/cron]
    index=NDNW_np
    sourcetype=syslog
    [monitor:///var/log/maillog]
    index=BSKX_np
    sourcetype=syslog
    [monitor:///var/log/secure]
    index=NDNDK_np
    sourcetype=syslog
    [monitor:///var/log/spooler]
    index=DNWN_np
    sourcetype=syslog
    [monitor:///var/log/audit/audit.log]
    index=XBJB_np
    sourcetype=syslog
    [monitor:///var/log/messages]
    index=JNJSJ_pr
    sourcetype=syslog
    [monitor:///var/log/cron]
    index=NCJG_pr
    sourcetype=syslog
    [monitor:///var/log/maillog]
    index=JE3K_pr
    sourcetype=syslog
    [monitor:///var/log/secure]
    index=NLNDKN_pr
    sourcetype=syslog
    [monitor:///var/log/spooler]
    index=EKJC_pr
    sourcetype=syslog
    [monitor:///var/log/audit/audit.log]
    index=QKNK_pr
    sourcetype=syslog


holli

You can lead your users to water, but alas, you cannot drown them.

Regex to capturing group event
by Zagidi (Initiate) on Oct 09, 2020 at 10:55 UTC
    Unable to break the event line due to different log events. Need help with a regex to match the following and break the event.

    [{"log_message":"
    {"log_message":"

    e.g. The second line has two events; unable to break the events into single lines.

    [{"log_message":"**************************************************************************************************************************************************************************}
    {"log_message":"********************************************************************************************************]************************{"log_message":********************************************************************************************]