我想使用.NET / Powershell正则表达式在日志中搜索特定位置的Success状态,比如ABC。
如果我使用以下模式:"(?ms)A status: Success.*?Location: " with global(aka AllMatches),那么它会在任何位置找到状态为Success的所有日志记录。
如果我试图通过将ABC附加到模式来缩小范围,那么比赛太贪婪了,从第18行的成功一直到第28行的ABC。
我放弃并使用了一个更明确的模式(它抓取完整的日志记录,似乎工作,因为我在Success和Location之间指定了一个模式):
(?sm)^\d([ \S]*\s{10}){3}A status: Success\s{2}([ \S]*\s{10}){2}Location: ABC[ \S]*
是否有一个更简单的模式可以找到我追求的东西?
注意:我不介意该模式是否从日期时间(包括)到日期时间(不包括)获取完整日志记录,
日志文件:
04/09/2018 06:31:59 AM [class | Info] some message received from 101592 (123.123.123.124)
Request Id: 0 (Descriptor: 0, Operator Request Id: 0)
A type: bar
A status: Queued
The id: 1E25
Additional info: Inserted in queue at position 1 on device ABC
Location: ABC, subarea: 2
04/09/2018 06:31:59 AM [class | Info] some message received from 102364 (123.123.123.123)
Request Id: 0 (Descriptor: 0, Operator Request Id: 0)
A type: bar
A status: Queued
The id: 1E25
Additional info: Inserted in queue at position 1 on device ABC
Location: ABC, subarea: 2
04/09/2018 06:31:59 AM [class | Info] some message received from 102364 (123.123.123.123)
Request Id: 0 (Descriptor: 0, Operator Request Id: 0)
A type: blah bit foo
A status: Success
The id: T908
Additional info:
Location: DEF, subarea: 3
04/09/2018 06:32:00 AM [class | Info] some message received from 102364 (123.123.123.123)
Request Id: 0 (Descriptor: 0, Operator Request Id: 0)
A type: bar
A status: Success
The id: DG08
Additional info:
Location: ABC, subarea: 1
尝试这种模式:^\d{2}\/(.++\n){3}(?=.+Success)(.++\n){3}(?=.+ABC).++。
我开始一场比赛,如果在线的开头有两个数字,后跟/:^\d{2}\/。
然后,我匹配三条线,进入status线:(.++\n){3},我使用占有量词来避免回溯。
然后,如果Success出现在当前行上,我将匹配接下来的三行(我检查具有正向前瞻):(?=.+Success)(.++\n){3}。
然后我匹配最后一行,如果该行中有ABC:(?=.+ABC).++。