tags:

views:

161

answers:

4
+1  Q: 

A regular expression to retrieve the previous line in a log file

My log files contain the following:

2009-03-12T12:44:27+0000 something was logged
2009-03-12T12:45:36+0000 127.0.0.1 127.0.0.1 <auth.info> last message repeated 2 times

I can write a regular expression that retrieves the line with the "last message repeated..." statement, however, that line is meaningless without also retrieving the line that precedes it.

With that being said, does anyone know of a regular expression that would allow me to retrieve both lines whenever the "last message repeated..." statement is detected?

A: 

I would do it this way. Try to search for pattern that includes two groups. First group is a line followed by another group containing another line with "last message repeated" text. Then the content of the first group is the text you are looking for.

Something like this (this is overly simplified regex):

\n(.*)\n(.*)last message repeated

Now first group value contain the line you are interested in.

David Pokluda  2009-03-12 18:11:59
What would that regex look like?
Huuuze  2009-03-12 18:13:02
@David: Can u give the regex with two groups as u said?
goldenmean  2009-03-12 18:21:31
Regexes added to the answer. Those are simple but you get the idea. They work - I verified them in Regex Buddy.
David Pokluda  2009-03-12 18:22:55
+1  A: 

Edited to be 2 group matching regex. You can give it a shot at: RegexLib

Less then optimized but this: 

([\r\n].*?)(?:=?\r|\n)(.*?(?:last message repeated).*)

Should work to get results out of something like this:

2009-03-12T12:44:27+0000 something1 was logged
2009-03-12T12:44:27+0000 something2 was logged
2009-03-12T12:45:36+0000 127.0.0.1 127.0.0.1 <auth.info> last message repeated 2 times
2009-03-12T12:44:27+0000 something3 was logged
2009-03-12T12:44:27+0000 something4 was logged
2009-03-12T12:44:27+0000 something5 was logged
2009-03-12T12:45:36+0000 127.0.0.1 127.0.0.1 <auth.info> last message repeated 2 times

Resulting in: 

Matches
First Match, First Group: 2009-03-12T12:44:27+0000 something2 was logged
First Match, Second Group: 2009-03-12T12:45:36+0000 127.0.0.1 127.0.0.1 <auth.info> last message repeated 2 times
Second Match, First Group: 2009-03-12T12:44:27+0000 something5 was logged 
Second Match, Second Group: 2009-03-12T12:45:36+0000 127.0.0.1 127.0.0.1 <auth.info> last message repeated 2 times
Quintin Robinson  2009-03-12 18:20:20
A: 

Does it have to be regex? grep allows you to get a context before and after match (-B NUM and -A NUM options)

Chetan Sastry  2009-03-12 18:21:01
Good answer, but, yes, it has to be a regex.
Huuuze  2009-03-12 18:31:41
A: 

The pattern ^.*$ matches a whole line. Translation: Start Of Line, followed by any number of characters, followed by End Of Line. So perhaps you can search for "any line, followed by" (the pattern you have there).

gbarry  2009-03-12 18:21:41

related questions

Passing a commented, multi-line (freespace) regex to preg_match
My regex is matching too much. How do I make it stop?
Using Regex to generate Strings rather than match them
Complexity of Regex substitution
What is the most brilliant regex you've ever used?
RFC calculation in Java need help with algorithm
What did I do wrong here? [Javascript Regex]
How do you use back-references to PCREs in PHP?
Need help writing a regex statement. [PHP]
Regex and unicode
Python Regular Expressions
Question about specific regular expression
Pre-built regular expression patterns or Regex Libraries?
Parsing attributes with regex in Perl
Regex Rejecting matches because of Instr
How do I bind a regular expression to a key combination in emacs?
How do you retrieve selected text using Regex in C#?
Remove Quotes and Commas from a String in MySQL
Regular expression for parsing links from a webpage?
What are good regular expressions?
Why is this regular expression faster?
Learning Regular Expressions
How far should one take e-mail address validation?
How can I get at the matches when using preg_replace in PHP?
Regex: To pull out a sub-string between two tags in a string