
Azure Log Analytics: parsing a string

Repost. Author: 行者123. Updated: 2023-12-03 03:46:29

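I am trying to parse a string in Azure logs. It comes from the intunedevice table, and unfortunately the CreateDate column is a string rather than a date format. So I want to take this string value and do some conversion so that I can compare it with now(). But my problem is that I cannot get the data using a regular expression.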

FYI: the CreatedDate string value has the following format:

2021-05-17 07:33:41.0000000 

I only want to get the date (for example 2021-05-17) in the test result below.

I am trying the following:

IntuneDevices | where TimeGenerated > ago(1d) | parse kind=regex  CreatedDate with "(\\d\\d\\d\\d[-]\\d\\d[-]\\d\\d)*" test  | project TimeGenerated, CreatedDate, now(), test

Result:

TimeGenerated [UTC]: 2021-08-30T05:08:42.8809Z
CreatedDate: 2021-05-17 07:33:41.0000000
Column1 [UTC]: 2021-08-30T12:40:53.296239Z
test: 07:33:41.0000000

So the parse works, but it takes the value away...

IntuneDevices | where TimeGenerated > ago(1d) | parse kind=regex CreatedDate with * '(\\d{4}-\\d{2}-\\d{2})' test | project TimeGenerated, CreatedDate, now(), test

Result:

TimeGenerated [UTC]: 2021-08-30T05:08:42.8809Z
CreatedDate: 2021-05-17 07:33:41.0000000
Column1 [UTC]: 2021-08-30T12:40:53.296239Z
test: 07:33:41.0000000

So I approached it a bit differently, but as you can see below, the message is empty when I parse the date...

print m = '18/03/2020 07:08:23 1164 PACKET 000000C164RF56B0 UDP Rcv 10.128.151.34 076e Q [2021-05-17 07:33:41.0000000] A (10)indelpus03(6)kworld(4)kay(3)com(0)' | extend Message = extract(@'\[(\d{4}-\d{2}-\d{2})\]', 1, m)

Message:

/empty/

But when using just a text example, such as aaaaa, it works...

print m = '18/03/2020 07:08:23 1164 PACKET 000000C164RF56B0 UDP Rcv 10.128.151.34 076e Q [aaaaa] A (10)indelpus03(6)kworld(4)kay(3)com(0)' | extend Message = extract(@'\[(.*)\]', 1, m)

Message:

aaaaa

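Best answer

You can try using the parse operator, which will help you get the data in the regular expression.
Below is a code sample showing how to use parse to extract values.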

let Traces = datatable(EventText:string)
[
"Event: NotifySliceRelease (resourceName=PipelineScheduler, totalSlices=27, sliceNumber=invalid_number, lockTime=02/17/2016 08:40:01, releaseTime=02/17/2016 08:40:01, previousLockTime=02/17/2016 08:39:01)",
"Event: NotifySliceRelease (resourceName=PipelineScheduler, totalSlices=27, sliceNumber=15, lockTime=02/17/2016 08:40:00, releaseTime=invalid_datetime, previousLockTime=02/17/2016 08:39:00)",
"Event: NotifySliceRelease (resourceName=PipelineScheduler, totalSlices=27, sliceNumber=20, lockTime=02/17/2016 08:40:01, releaseTime=02/17/2016 08:40:01, previousLockTime=02/17/2016 08:39:01)",
"Event: NotifySliceRelease (resourceName=PipelineScheduler, totalSlices=27, sliceNumber=22, lockTime=02/17/2016 08:41:01, releaseTime=02/17/2016 08:41:00, previousLockTime=02/17/2016 08:40:01)",
"Event: NotifySliceRelease (resourceName=PipelineScheduler, totalSlices=invalid_number, sliceNumber=16, lockTime=02/17/2016 08:41:00, releaseTime=02/17/2016 08:41:00, previousLockTime=02/17/2016 08:40:00)"
];
Traces
| parse EventText with * "resourceName=" resourceName ", totalSlices=" totalSlices:long * "sliceNumber=" sliceNumber:long * "lockTime=" lockTime ", releaseTime=" releaseTime:date "," * "previousLockTime=" previousLockTime:date ")" *
| project resourceName, totalSlices, sliceNumber, lockTime, releaseTime, previousLockTime

Also check SO1 and SO2 for related discussion.
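
Added example, not part of the original question or answer: three ways to get the date out of a CreatedDate string like the one in the question and compare it with now(). In parse, quoted strings act as delimiters and the named column receives the text next to them, which is why the question's attempts returned the time portion; in extract(), the closing bracket must allow for the time that follows the date. SampleDevices, its DeviceName values and the output column names are constructed for illustration, and the example relies on todatetime() accepting the "yyyy-MM-dd HH:mm:ss.fffffff" layout.

```kusto
// Constructed sample rows standing in for IntuneDevices (DeviceName values are made up).
let SampleDevices = datatable(DeviceName:string, CreatedDate:string)
[
    "LAPTOP-01", "2021-05-17 07:33:41.0000000",
    "LAPTOP-02", "2021-08-29 22:10:05.0000000",
    "LAPTOP-03", "not-a-date"
];
SampleDevices
// 1) Regex: extract() returns the capture group; anchor it at the start of the string.
| extend DayByRegex = extract(@"^(\d{4}-\d{2}-\d{2})", 1, CreatedDate)
// 2) parse (simple mode): the named column takes the text before the " " delimiter,
//    and the trailing * discards the time portion.
| parse CreatedDate with DayByParse " " *
// 3) Bracketed value inside a longer message: [^\]]* skips the time before the "]".
| extend DayFromMessage = extract(@"\[(\d{4}-\d{2}-\d{2})[^\]]*\]", 1,
                                  strcat("Q [", CreatedDate, "] A"))
// 4) Typed conversion: a real datetime, or null when the string is not a date.
| extend CreatedAt = todatetime(CreatedDate)
| extend Age = now() - CreatedAt,
         ParseFailed = isnull(CreatedAt)
| project DeviceName, CreatedDate, DayByRegex, DayByParse, DayFromMessage,
          CreatedAt, Age, ParseFailed
```

Against the real table, replace SampleDevices with IntuneDevices; rows where ParseFailed is true are worth reviewing before filtering on Age, since a null CreatedAt drops out of any time comparison.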

Regarding Azure Log Analytics string parsing, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/68984536/
