Regex to get the words after matching string

regex expression regex-negation regex-lookarounds

336,217

Solution 1

The following should work for you:

[\n\r].*Object Name:\s*([^\n\r]*)

Working example

Your desired match will be in capture group 1.

[\n\r][ \t]*Object Name:[ \t]*([^\n\r]*)

Would be similar but not allow for things such as " blah Object Name: blah" and also make sure that not to capture the next line if there is no actual content after "Object Name:"

Solution 2

But I need the match result to be ... not in a match group...

For what you are trying to do, this should work. \K resets the starting point of the match.

\bObject Name:\s+\K\S+

You can do the same for getting your Security ID matches.

\bSecurity ID:\s+\K\S+

Solution 3

You're almost there. Use the following regex (with multi-line option enabled)

\bObject Name:\s+(.*)$

The complete match would be

Object Name:   D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

while the captured group one would contain

D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log

If you want to capture the file path directly use

(?m)(?<=\bObject Name:).*$

Solution 4

This might work out for you depending on which language you are using:

(?<=Object Name:).*

It's a positive lookbehind assertion. More information could be found here.

It won't work with JavaScript though. In your comment I read that you're using it for logstash. If you are using GROK parsing for logstash then it would work. You can verify it yourself here:

https://grokdebug.herokuapp.com/

View more solutions

336,217

Chamara Keragala

Sysadmin/Developer

Updated on December 12, 2020

Comments

Chamara Keragala over 3 years

Below is the content:

Subject:
    Security ID:        S-1-5-21-3368353891-1012177287-890106238-22451
    Account Name:       ChamaraKer
    Account Domain:     JIC
    Logon ID:       0x1fffb

Object:
    Object Server:  Security
    Object Type:    File
    Object Name:    D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
    Handle ID:  0x11dc

I need to capture the words after the Object Name: word in that line. Which is D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log.

How can I do this?

^.*\bObject Name\b.*$ matches - Object Name

Chamara Keragala over 10 years

But i need the match result to be D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-‌01.log not in a match group
Smern over 10 years

@CasperNine, why? And what language are you using?
Chamara Keragala over 10 years

because the program im using captures only match result. Im using a log management tool called logstash. put your regex to this site regexpal.com and see.. it matches the whole line.
Chamara Keragala over 10 years

I want the complete match to be D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-‌01.log can't i do that?
Smern over 10 years

@CasperNine, it depends on if that supports lookbehinds. Try this and let me know your result: (?<=Object Name:)([^\n\r]*) See here
Ravi K Thapliyal over 10 years

@CasperNine Yes, you can. Updated the regex.
Chamara Keragala over 10 years

@hwnd yes thats correct. But how that actually works? what if need to match words which are in the line Security ID:
Ravi K Thapliyal over 10 years

@CasperNine, did you try (?m)(?<=\bObject Name:).*$?
Chamara Keragala over 10 years

@RaviThapliyal your updated regex keeps a blank space in front of the line. how do i avoid that?
Smern over 10 years

@CasperNine, then you'll have to either use capture groups or base it off the following line like this: [^\s]+(?=\s+Handle ID:) The problem with this is that it isn't flexible so if your format or order changes at all it wont work.
Chamara Keragala over 10 years

n̶o̶p̶e̶ ̶i̶t̶ ̶d̶o̶e̶s̶n̶'̶t̶ ̶w̶o̶r̶k̶ ̶:̶(̶ . Sorry it Works. but keeps a blank space at the beginning of the match line/
Chamara Keragala over 10 years

let us continue this discussion in chat
Ravi K Thapliyal over 10 years

@CasperNine, I guess it's not possible for you to trim it but variable length look-behind is not supported with almost all the regex engines. You could use (?m)(?<=\bObject Name:\s{4}).*$ but it would fail for others like Security ID: because the amount of whitespace varies.
Ravi K Thapliyal over 10 years

@hwnd: that would fail if the file structure changes (re-ordered or the next token is dropped).
Smern over 10 years

In lookbehinds you cannot use quantifiers so you could remove the blank space by putting the exact amount of spaces... but this wouldn't be flexible if you have varying number of spaces between the key/value pair.
hwnd over 10 years

Yes, I saw that, I posted an answer on how he could do it.
Chamara Keragala over 10 years

Thanks a bunch for your answers and comments. I've +1ed.
Ravi K Thapliyal over 10 years

Oh, sweet. \K +1 mate. This is "the" answer.
Chamara Keragala over 10 years

I have one more question from you. How do i use [^\s]+(?=\s+Handle ID:) when the string is something like Object Name: F:\Shared\Full_Option\Standed sinhala letters\Lalith\~$rapt order.doc? Something with spaces
Smern over 10 years

@CasperNine, you could try matching against newlines instead of any space characters... [^\r\n]+(?=\s+Handle ID:)
Jim over 7 years

\K not working in javascript, any other solutions?
Mark almost 7 years

This worked great for me in Notepad++. I'm not sure what regex processor it uses, but it does allow the \K when doing regex searches.
Michael Cole over 6 years

regex not python
Mixxiphoid over 5 years

regexr says \K works only with PCRE and not in javascript, no clue what PCRE is though, seems server sided stuff.
lacostenycoder about 2 years

This is perfect! Been looking for exactly this for too long!