Solved: Re: DPL expressions for web address with port

triptisharma · ‎04 Apr 2025

Hello Everyone,

I am trying to find a pattern to match a web address and a port number in the content of a log. For example the log will contain

This is a test message for http://ltest-bed.trigun.org for a system test-bed.trigun.org:443. Tunnel id account:///test/locat

I want to be able to match the content in bold. The port number of the org keeps varying and also sometimes the system comes enclosed in a quote for example

log 1: This is a test message for http://ltest-bed.trigun.org for a system \"test-bed.trigun.org:443\". Tunnel id account:///test/locat

The log might also come in the format

log 2: This is a test message for a system "test-bed.trigun.org:443". Tunnel id account:///test/locat
any suggestions please ?

I tried this [a-zA-Z0-9.-]*:host':'[0-9]*:port but that did not work because it would also match http: rather than the webaddress:port

marco_irmer · ‎04 Apr 2025

Your current pattern has the port number digits as optional, where the '*' quantifier means "match zero or more". This causes the pattern to match on HTTP. Replace the '*' with a '+' sign to make it mandatory, as seen in the example below.

data record(content="This is a test message for http://ltest-bed.trigun.org for a system \"test-bed.trigun.org:443\". Tunnel id account:///test/locat")
| parse content, "LD ([a-zA-Z0-9.-]*:host':'[0-9]+:port) LD"

triptisharma · ‎04 Apr 2025

Thank you Marco!