Hi,
I want to use REGEX and FORMAT strings for an xml sample as given without using KV_MODE=xml
So i am trying to use different regex to get hold of parsing fields but failing
Please find the sample log for your reference and help
-80.03107887624853,25.351308629611 Interdiction 6 Assured 2013-11-03 04:40:00 Infiltrators:
Savanna Carrera,
Gregoria Farías,
Julina Abeyta,
Mariquita Alonso,
Urbano Briseño,
Victoro Montano 3 Raft -80.33045250710296,24.93574264936793 Interdiction 9 Pompano 2013-05-04 04:22:00 0 -80.30497342463124,24.07890526980327 Rustic -79.94720757796837,24.82172611548247 Interdiction 12 Barracuda 2013-01-01 05:22:00 Infiltrators:
Cristian Caballero,
Vicenta Olivares,
Leonides Cintrón,
Ascencion Betancourt,
Alanzo Arenas,
Primeiro Sánchez,
Serena Monroy,
Madina Mojica,
Consolacion Cordero,
Faqueza Serrano,
Grazia Quesada,
Ivette Partida 0 Rustic )
TIME_PREFIX =
TIME_FORMAT = %Y-%m-%d<\/ActionDate>[\r\n]\t+%H:%M:%S
SHOULD_LINEMERGE = false
MAX_DAYS_AGO = 2500
SEDCMD-aremoveheader = s/\<\?xml.*\s*\\s*//g
SEDCMD-bremovefooter = s/\<\/dataroot\>//g
REPORT-f = dream_attack
KV_MODE = none
**transforms.conf**
[dream_attack]
REGEX = (?m)^[^<]+.(.*?)\>([\S\s]*?)\<(?=[^\s])
FORMAT = $1::$2
Please suggest me why i am failing?
Thanks
↧