RSyslog Documentation

re_extract()

Purpose

re_extract(expr, re, match, submatch, no-found)

Extracts data from a string (property) via a regular expression match. POSIX ERE regular expressions are used. The variable “match” contains the number of the match to use. This permits to pick up more than the first expression match. Submatch is the submatch to match (max 50 supported). The “no-found” parameter specifies which string is to be returned in case when the regular expression is not found. Note that match and submatch start with zero. It currently is not possible to extract more than one submatch with a single call.

Note

Functions using regular expressions tend to be slow and other options may be faster.

Example

In the following example the msg object is checked for the regex string. Only the first match is used and if no match was found an empty string is returned.

re_extract($msg,'(5[1-5][0-9]{14})',0,1,"")

See also

Help with configuring/using Rsyslog:

  • Mailing list - best route for general questions
  • GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with Rsyslog
  • Stack Exchange (View, Ask) - experimental support from rsyslog community

See also

Contributing to Rsyslog:

© 2008-2019, `Rainer Gerhards and Others. This site uses the “better” theme for Sphinx.
Scroll to top