sam_111661
Apr 17, 2009Nimbostratus
findstr
Suppose I have data that contains the following:
randomcharacetrs... str=mystring1 str=mystring2 randomcharacetrs...
Is there a way I could store mystring1 and mystring2 ...
when RULE_INIT {
set ::sample_input_string {random characters... str=mystring1 str=mystring2 random characters...}
log local0. "Sample input string: $::sample_input_string"
get the str=chars from the original string
set ::matches [regexp -inline -all {str=[^ ]+} $::sample_input_string]
log local0. "\$::matches: $::matches"
loop through each str= and parse the values
foreach ::str [split $::matches] {
log local0. "\$::str = $::str, value = [getfield $::str "=" 2]"
}
}
Log output:
Rule : Sample input string: random characters... str=mystring1 str=mystring2 random characters...
Rule : $::matches: str=mystring1 str=mystring2
Rule : $::str = str=mystring1, value = mystring1
Rule : $::str = str=mystring2, value = mystring2
It might be possible to do this with string operations as well, but that is more dependent on the input forms. Can you provide a few more samples of the input?
Will the random characters always be the same length? Will the strings you want to match (str=mystring1 str=mystring2) always be next to each other, separated only be a space?
Aaron