TechQA.

Sumo Logic - Replace value with regex

2.1k views Asked by At

I'm parsing the request_uri from a log file:

_sourceName="/opt/zazma/var/logs/AuditRequest.log"
| parse "method=*, statusCode=*, requestURI=*," as method, status_code, request_uri
| count by method, request_uri, status_code
| sort by request_uri

The URI includes IDs and email addresses. I want to replace all existing IDs with '{Id}' or '*', and all existing emails with '{email}', but Sumo's REPLACE function doesn't support regex.

Is there any other way to replace the value in the URI?

sumologic
Original Q&A
1

There are 1 answers

0
Jim On

You can match the start and end bits each side of the part you want to replace and join them back together later:

parse regex "(?<start>.*)(?<guid>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}?)(?<end>.*?)$" nodrop | concat(start, "{id}", end) as result

Related Questions in SUMOLOGIC

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions