Question

I'm trying to analyze logs using Splunk and I need to parse lines that look like this:

2012-06-20 20:35:13,980 INFO  [http-bio-8080-exec-72] (b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf) interceptor.CustomLoggingOutInterceptor (AbstractLoggingInterceptor.java:149)     - Outbound Message

I've got this regex which matches:

(?i)^[^\]]*\]\s+(?P<FIELDNAME>[^ ]+)

this part:

2012-06-20 20:35:13,980 INFO  [http-bio-8080-exec-72] (b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf)

Using groups I can extract the real information that I need, and that is:

(b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf)

The only problem is that I don't need the parentheses. I've tried some negative lookahead/lookbehind Google searches, but I don't really know regex that well.

So my final goal would be to capture b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf. Thanks.


Solution

(?i)^[^\]]*\]\s+\((?P<FIELDNAME>[^ ]+)\)

That matches and drops the () in group 1.

Play with the regex here.
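The two patterns side by side, as an added Python example that is not part of the original answer. Python's `re` accepts the same `(?P<name>...)` syntax; the log lines after the first are constructed, and `extract_id` and `group_by_id` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Pattern from the question: the named group keeps the surrounding parentheses.
QUESTION_RE = re.compile(r"(?i)^[^\]]*\]\s+(?P<FIELDNAME>[^ ]+)")
# Pattern from the answer: literal \( and \) sit outside the named group.
ANSWER_RE = re.compile(r"(?i)^[^\]]*\]\s+\((?P<FIELDNAME>[^ ]+)\)")

# Line 1 is the question's own sample; lines 2-4 are constructed for this example.
SAMPLE_LOG = """\
2012-06-20 20:35:13,980 INFO  [http-bio-8080-exec-72] (b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf) interceptor.CustomLoggingOutInterceptor (AbstractLoggingInterceptor.java:149)     - Outbound Message
2012-06-20 20:35:14,102 INFO  [http-bio-8080-exec-72] (b50f3a81-f9e0-4ebf-b9e2-b007c8dd4cbf) interceptor.CustomLoggingInInterceptor (AbstractLoggingInterceptor.java:149)     - Inbound Message
2012-06-20 20:35:14,377 WARN  [http-bio-8080-exec-15] service.SessionCache (SessionCache.java:88)     - Cache miss
2012-06-20 20:35:15,001 INFO  [http-bio-8080-exec-15] (0a1b2c3d-0000-4000-8000-aabbccddeeff) interceptor.CustomLoggingOutInterceptor (AbstractLoggingInterceptor.java:149)     - Outbound Message
"""


def extract_id(line, pattern=ANSWER_RE):
    """Return the FIELDNAME capture for one log line, or None if it does not match."""
    m = pattern.match(line)
    return m.group("FIELDNAME") if m else None


def group_by_id(log_text):
    """Map each extracted id to the 1-based line numbers that carry it.

    Lines with no parenthesised id after the [thread] field are returned
    separately, so they are not silently attributed to a bogus id.
    """
    groups = defaultdict(list)
    unmatched = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        rid = extract_id(line)
        if rid is None:
            unmatched.append(n)
        else:
            groups[rid].append(n)
    return dict(groups), unmatched


if __name__ == "__main__":
    first = SAMPLE_LOG.splitlines()[0]
    print("question pattern:", extract_id(first, QUESTION_RE))
    print("answer pattern:  ", extract_id(first, ANSWER_RE))
    groups, unmatched = group_by_id(SAMPLE_LOG)
    for rid, lines in groups.items():
        print(rid, "-> lines", lines)
    print("lines without an id:", unmatched)
```

On the third line, which has no id, the question's pattern would capture `service.SessionCache` as the field value, while the answer's pattern does not match at all because it requires the literal `(`.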

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow