100

Below is the content:

Subject:
    Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
    Account Name:       ChamaraKer
    Account Domain:     JIC
    Logon ID:       0x1fffb

Object:
    Object Server:  Security
    Object Type:    File
    Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
    Handle ID:  0x11dc

I need to capture the words after the Object Name: word in that line. Which is D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log.

How can I do this?

^.*\bObject Name\b.*$ matches - Object Name

Improve this question
0

6 Answers 6

Reset to default
76

But I need the match result to be ... not in a match group...

For what you are trying to do, this should work. \K resets the starting point of the match.

\bObject Name:\s+\K\S+

You can do the same for getting your Security ID matches.

\bSecurity ID:\s+\K\S+
Improve this answer
3
  • 6
    \K not working in javascript, any other solutions?
    – Jim
    Commented Nov 1, 2016 at 3:59
  • This worked great for me in Notepad++. I'm not sure what regex processor it uses, but it does allow the \K when doing regex searches.
    – Mark
    Commented Jun 7, 2017 at 20:33
  • 1
    regexr says \K works only with PCRE and not in javascript, no clue what PCRE is though, seems server sided stuff.
    – Mixxiphoid
    Commented Sep 11, 2018 at 14:15
60

If you are using a regex engine that doesn't support \K, the following should work for you:

[\n\r].*Object Name:\s*([^\n\r]*)

Working example

Your desired match will be in capture group 1.

[\n\r][ \t]*Object Name:[ \t]*([^\n\r]*)

Would be similar but not allow for things such as " blah Object Name: blah" and also make sure that not to capture the next line if there is no actual content after "Object Name:"

Improve this answer
12
  • 3
    But i need the match result to be D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log not in a match group
    – Chamara Keragala
    Commented Oct 5, 2013 at 2:26
  • @CasperNine, why? And what language are you using?
    – Smern
    Commented Oct 5, 2013 at 2:26
  • because the program im using captures only match result. Im using a log management tool called logstash. put your regex to this site regexpal.com and see.. it matches the whole line.
    – Chamara Keragala
    Commented Oct 5, 2013 at 2:30
  • 3
    @CasperNine, it depends on if that supports lookbehinds. Try this and let me know your result: (?<=Object Name:)([^\n\r]*) See here
    – Smern
    Commented Oct 5, 2013 at 2:37
  • 2
    @CasperNine, you could try matching against newlines instead of any space characters... [^\r\n]+(?=\s+Handle ID:)
    – Smern
    Commented Oct 8, 2013 at 12:55
20

You're almost there. Use the following regex (with multi-line option enabled)

\bObject Name:\s+(.*)$

The complete match would be

Object Name:   D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

while the captured group one would contain

D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

If you want to capture the file path directly use

(?m)(?<=\bObject Name:).*$
Improve this answer
9
  • I want the complete match to be D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log can't i do that?
    – Chamara Keragala
    Commented Oct 5, 2013 at 2:32
  • 1
    @CasperNine Yes, you can. Updated the regex.
    – Ravi K Thapliyal
    Commented Oct 5, 2013 at 2:37
  • @hwnd yes thats correct. But how that actually works? what if need to match words which are in the line Security ID:
    – Chamara Keragala
    Commented Oct 5, 2013 at 2:39
  • @CasperNine, did you try (?m)(?<=\bObject Name:).*$?
    – Ravi K Thapliyal
    Commented Oct 5, 2013 at 2:43
  • 1
    @CasperNine, I guess it's not possible for you to trim it but variable length look-behind is not supported with almost all the regex engines. You could use (?m)(?<=\bObject Name:\s{4}).*$ but it would fail for others like Security ID: because the amount of whitespace varies.
    – Ravi K Thapliyal
    Commented Oct 5, 2013 at 2:47
18

This might work out for you depending on which language you are using:

(?<=Object Name:).*

It's a positive lookbehind assertion. More information could be found here.

It won't work with JavaScript though. In your comment I read that you're using it for logstash. If you are using GROK parsing for logstash then it would work. You can verify it yourself here:

https://grokdebug.herokuapp.com/

Enter image description here

Improve this answer
-4

This is a Python solution.

import re

line ="""Subject:
    Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
    Account Name:       ChamaraKer
    Account Domain:     JIC
    Logon ID:       0x1fffb

Object:
    Object Server:  Security
    Object Type:    File
    Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
    Handle ID:  0x11dc"""



regex = (r'Object Name:\s+(.*)')
match1= re.findall(regex,line)
print (match1)

*** Remote Interpreter Reinitialized  ***
>>> 
['D:\\ApacheTomcat\x07pache-tomcat-6.0.36\\logs\\localhost.2013-07-01.log']
>>>
Improve this answer
-4

Here's a quick Perl script to get what you need. It needs some whitespace chomping.

#!/bin/perl

$sample = <<END;
Subject:
  Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
  Account Name:       ChamaraKer
  Account Domain:     JIC
  Logon ID:       0x1fffb

Object:
  Object Server:  Security
  Object Type:    File
  Object Name:    D:\\ApacheTomcat\\apache-tomcat-6.0.36\\logs\\localhost.2013- 07-01.log
  Handle ID:  0x11dc
END

my @sample_lines = split /\n/, $sample;
my $path;

foreach my $line (@sample_lines) {
  ($path) = $line =~ m/Object Name:([^s]+)/g;
  if($path) {
    print $path . "\n";
  }
}
Improve this answer
1
  • regex not python
    – Michael Cole
    Commented Feb 6, 2018 at 19:12

Not the answer you're looking for? Browse other questions tagged or ask your own question.