
filter with excludes

Jul 17, 2012 at 1:38 PM

Hi.

I have a file from a syslog server. To analyse this file I need to filter based on the severity. That's the easy part. If I have frequent iterations of the same syslog message, I would like to exclude those from the match.

Example: I want to match every line with the word "Error" but not the lines that contain "Error" and "Default"

Example 2: I want to match every line with the word "Error" but not the lines that contain "Error" and "Default" or "UPDOWN"

Is that possible?

Regards
Fabian

Jul 17, 2012 at 3:40 PM

I think that's not possible with a simple RegEx term. But you can achieve this in 2 steps by using filter tabs:

Step 1: Filter for "Error" and put the result to a filter tab (see advanced filter)

Step 2: On the filter tab filter for "Default|UPDOWN" (RegEx) with 'Invert Match' option enabled.

Jul 18, 2012 at 12:51 PM

Thanks for the quick reply. Interesting idea, but I think that will need too many steps to review the whole log file. The review process I am designing should have a minimum of steps and should be easy to understand to avoid problems. After everyone in our team got comfortable with the tool, we may change the review process.
For my current problem I found a better solution. I'll use the highlighting to colour the interesting lines. The not interesting lines will use the default colouring. Messages that clearly identify a problem will get a bookmark. Filters are used to display the actual severity levels.

Thank you for the support and for the great tool.

Aug 8, 2012 at 1:58 PM

Normally the RegEx engine should allow negating a RegEx group like this: (?!foo)

Example: I want to match every line with the word "Error" but not the lines that contain "Error" and "Default"

^.*?ERROR((?!Default).)*$

Example 2: I want to match every line with the word "Error" but not the lines that contain "Error" and "Default" or "UPDOWN"

^.*?ERROR((?!Default|UPDOWN).)*$

I tried it in LogExpert and its RegEx engine allows those patterns.

Credit goes to:

http://stackoverflow.com/questions/406230/regular-expression-to-match-string-not-containing-a-word
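
An added example, not part of any post in this thread: the two patterns from the last reply run over constructed syslog lines with Python's `re` module, next to a variant with one lookahead anchored at the start of the line. The posted patterns only exclude "Default" or "UPDOWN" in the text after the matched ERROR, so a line carrying one of those words earlier still passes. The anchored variant, the helper names and the sample lines are assumptions of this example, as is the use of Python in place of LogExpert's engine for these lookahead constructs.

```python
import re

# Patterns exactly as posted in the thread (they use upper-case "ERROR").
POSTED_ONE = re.compile(r"^.*?ERROR((?!Default).)*$")
POSTED_TWO = re.compile(r"^.*?ERROR((?!Default|UPDOWN).)*$")

# Variant added for this example (not from the thread): reject the excluded
# words anywhere in the line, then require ERROR somewhere in it.
ANCHORED = re.compile(r"^(?!.*(?:Default|UPDOWN)).*ERROR")

# Constructed sample lines, not taken from a real syslog server.
SAMPLE = [
    "Jul 17 13:38:01 sw1 ERROR: fan tray 2 failed",
    "Jul 17 13:38:02 sw1 ERROR: Default route missing",
    "Jul 17 13:38:03 sw1 ERROR: %LINK-3-UPDOWN: Gi0/1 changed state",
    "Jul 17 13:38:04 sw1 Default-VRF ERROR: peer unreachable",
    "Jul 17 13:38:05 sw1 INFO: %LINK-3-UPDOWN: Gi0/2 changed state",
    "Jul 17 13:38:06 sw1 ERROR: Default gateway lost, ERROR: retry",
]


def matching(pattern, lines):
    """Return the indexes of the lines the filter pattern would keep."""
    return [i for i, line in enumerate(lines) if pattern.search(line)]


def disagreements(lines):
    """Indexes where the posted two-word pattern and the anchored variant differ."""
    posted = set(matching(POSTED_TWO, lines))
    anchored = set(matching(ANCHORED, lines))
    return sorted(posted ^ anchored)


if __name__ == "__main__":
    for name, pattern in (("posted 1", POSTED_ONE),
                          ("posted 2", POSTED_TWO),
                          ("anchored", ANCHORED)):
        print(name, matching(pattern, SAMPLE))
    # Lines an analyst would see under one filter but not the other.
    for i in disagreements(SAMPLE):
        print("differs:", SAMPLE[i])
```

Line 3 slips through the posted patterns because "Default" sits before ERROR, and line 5 because the lazy prefix can backtrack to the second ERROR, after which no excluded word follows.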