Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

How do i use perl for replacing capture group content

by Zagidi (Initiate)
on Jul 08, 2019 at 07:22 UTC ( #11102527=perlquestion: print w/replies, xml ) Need Help??

Zagidi has asked for the wisdom of the Perl Monks concerning the following question:

Trying to change all of the indexes ending in _pr (or _np) to linux_pr (or linux_np) Monitor blocks in inputs.conf is limited to messages, secure, cron, maillog, spooler, audit, audit.log Have other files in inputs.conf i do not want to change the indexes. code isn`t working it changes all the indexes to linux instead of linux_pr (or linux_np)
perl -00pe 's#^\[monitor:///var/log/(?:messages|secure|cron|maillog|sp +ooler|audit/audit\.log)\]\n.*^index\s*=\s*\k.+(?=_(?:np|pr)\s*$)#linu +x#ms' inputs.conf _DATA_ [monitor:///var/log/cron] index=NDNW_np sourcetype=syslog [monitor:///var/log/maillog] index=BSKX_np sourcetype=syslog [monitor:///var/log/secure] index=NDNDK_np sourcetype=syslog [monitor:///var/log/spooler] index=DNWN_np sourcetype=syslog [monitor:///var/log/audit/audit.log] index=XBJB_np sourcetype=syslog [monitor:///var/log/messages] index=JNJSJ_pr sourcetype=syslog [monitor:///var/log/cron] index=NCJG_pr sourcetype=syslog [monitor:///var/log/maillog] index=JE3K_pr sourcetype=syslog [monitor:///var/log/secure] index=NLNDKN_pr sourcetype=syslog [monitor:///var/log/spooler] index=EKJC_pr sourcetype=syslog [monitor:///var/log/audit/audit.log] index=QKNK_pr sourcetype=syslog

Replies are listed 'Best First'.
Re: How do i use perl for replacing capture group content
by holli (Abbot) on Jul 08, 2019 at 09:01 UTC
    If you want to exclude certain blocks you need to keep track where you are in the file
    use Modern::Perl; # this is the list of sections to change my @sections = qw/ messages secure cron maillog /; # we put it in a hash for easy lookup my %sections = map { $_ => 1 } @sections; # Herein we remember where we are my $section; while ( my $line = <DATA> ) { # Remember the current section $section = $1 if ( $line =~ m| \[ monitor:// (?: / ( [^/]+ ) )+ \] |x ); # Change the index line if the current section # is one that interests us $line =~ s/ index = ([A-Z0-9]+) _ (np|pr) /** index=LINUX_${2} +/x #<-- you can remove the indent here once you see it works if defined $sections{ $section }; print $line; } __DATA__ [monitor:///var/log/cron] index=NDNW_np sourcetype=syslog [monitor:///var/log/maillog] index=BSKX_np sourcetype=syslog [monitor:///var/log/secure] index=NDNDK_np sourcetype=syslog [monitor:///var/log/spooler] index=DNWN_np sourcetype=syslog [monitor:///var/log/audit/audit.log] index=XBJB_np sourcetype=syslog [monitor:///var/log/messages] index=JNJSJ_pr sourcetype=syslog [monitor:///var/log/cron] index=NCJG_pr sourcetype=syslog [monitor:///var/log/maillog] index=JE3K_pr sourcetype=syslog [monitor:///var/log/secure] index=NLNDKN_pr sourcetype=syslog [monitor:///var/log/spooler] index=EKJC_pr sourcetype=syslog [monitor:///var/log/audit/audit.log] index=QKNK_pr sourcetype=syslog


    holli

    You can lead your users to water, but alas, you cannot drown them.
      Unable to break the event line due to different log event. Need help w +ith regex to match the following and break the event. [{"log_message":" {"log_message":" eg. The second line has two event , unable to break the event into si +ngle line [{"log_message":"***************************************************** +********************************************************************* +************************************************} {"log_message":"****************************************************** +**************************************************]****************** +******{"log_message":************************************************ +********************************************]
Re: How do i use perl for replacing capture group content (updated)
by haukex (Bishop) on Jul 08, 2019 at 13:23 UTC
    code isn`t working it changes all the indexes to linux instead of linux_pr (or linux_np)
    perl -00pe 's#^\[monitor:///var/log/(?:messages|secure|cron|maillog|sp +ooler|audit/audit\.log)\]\n.*^index\s*=\s*\k.+(?=_(?:np|pr)\s*$)#linu +x#ms' inputs.conf _DATA_ [monitor:///var/log/cron] index=NDNW_np sourcetype=syslog ...

    That's not the behavior I'm seeing. I'm getting the error message "Sequence \k... not terminated in regex", and if you correct \k to \K, the code works fine for me. Please take care that when you post questions, they are as accurate as possible. Please read How do I post a question effectively?, SSCCE, and I know what I mean. Why don't you?

    Update: It appears you've edited your previous question from yesterday, Regex for replacing capture group content using perl, to add this question there as well. Please don't do this, making a new post is enough - in this case a reply in the previous thread would probably have been best, so that the question has more context. And I already pointed you to How do I change/delete my post? and "It is uncool to update a node in a way that renders replies confusing or meaningless".

Re: How do i use perl for replacing capture group content
by LanX (Cardinal) on Jul 08, 2019 at 07:46 UTC
Re: How do i use perl for replacing capture group content
by Anonymous Monk on Jul 08, 2019 at 07:56 UTC
    Just say no to one liners ;)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://11102527]
Approved by Discipulus
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (2)
As of 2020-11-30 08:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?