In the spirit of Karnaugh's recent blog post about RTFM and GIYF, I am posting the solution to a problem I had at work today.
In any system that generates more than the most trivial volume of logs (especially if said logs contain debug info and other cruft that is only useful in very specific situations), you need some kind of automated parsing. This usually means matching each line against a set of regular expressions.
Consider the following log format:
In our toy example, loglevel could be DEBUG, INFO or ERROR. We want to match everything at ERROR level (because we are using third-party libraries that may log errors we don't yet know about), but we want to ignore a particular spurious message caused by a bug that has not yet been fixed.
The regex to match all error lines is easy: /ERROR/
The regex to match all error lines that don't contain the substring nasty false alarm is a little more difficult, and requires a PCRE extended pattern, specifically a negative look-ahead assertion. The syntax for this is (?!pattern), where pattern is the text that must not follow.
Thus, our final regex becomes: /ERROR(?!.*?nasty false alarm)/
The .*? is a non-greedy catchall that allows the substring we want to exclude to occur anywhere in the rest of the line, and not necessarily directly after the ERROR.
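The two patterns above, run over a handful of log lines, as an added example that is not part of the original post. The sample lines, their timestamp/level/message layout, the libfoo name and the ANCHORED variant are assumptions made for illustration; the last sample line shows that the look-ahead only inspects text after each ERROR, so a second ERROR later in the line lets a suppressed message through.

```python
import re

# The two patterns from the post.
ALL_ERRORS = re.compile(r"ERROR")
FILTERED = re.compile(r"ERROR(?!.*?nasty false alarm)")

# Assumed stricter variant (not from the post): the look-ahead is anchored at
# the start of the line, so the exclusion applies to the whole line no matter
# where ERROR or the excluded substring occurs.
ANCHORED = re.compile(r"^(?!.*nasty false alarm).*ERROR")

# Constructed sample lines; the layout and the libfoo name are assumptions.
SAMPLE = [
    "2024-01-01 10:00:00 DEBUG cache warmed",
    "2024-01-01 10:00:01 INFO request served",
    "2024-01-01 10:00:02 ERROR nasty false alarm in libfoo",
    "2024-01-01 10:00:03 ERROR libfoo: nasty false alarm (retry 2)",
    "2024-01-01 10:00:04 ERROR disk quota exceeded",
    "2024-01-01 10:00:05 ERROR nasty false alarm, last ERROR code 7",
]


def select(pattern, lines):
    """Return the indexes of the lines the pattern matches anywhere."""
    return [i for i, line in enumerate(lines) if pattern.search(line)]


if __name__ == "__main__":
    for name, pattern in (("ALL_ERRORS", ALL_ERRORS),
                          ("FILTERED", FILTERED),
                          ("ANCHORED", ANCHORED)):
        print(name)
        for i in select(pattern, SAMPLE):
            print("   ", SAMPLE[i])
```
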