Parsing SOAP entries
We will use the FreeFormTextParser regex property to match several patterns in the following log entry:
>> 2015/1/14 16:20:10: :<< Received request from remote address: 123.45.6.789
>> 2015/1/14 16:20:10: :<< Path Name: $name1, Class Name: CLASS-1
>> 2015/1/14 16:20:11: :<< Service Name: Service_1, Response Time: 123.456789 milliseconds
<model>E</model>
<userid>0000000103</userid>
...
In this case we also use a positive lookbehind construct to match the remote address, path name, service name, response time, model, and user ID:
regex:'((?<=remote address: )[\\d\\.]+)|((?<=Path Name: )[^ ]+)|((?<=\\<\\< Service Name: )[^,]+)|((?<=Response Time: )[^ ]+)|((?<=\\<model\\>)([a-zA-Z0-9]+))|((?<=\\<userid\\>)([0-9]+))',
Here is the TQL PARSE statement that uses this regex in a FreeFormTextParser:
PARSE USING FreeFormTextParser (
  RecordBegin:'Start>>> POST INPUT',
  TimeStamp:'>> %yyyy/%m/%d %H:%M:%S: :<<',
  linecontains:'>> %yyyy/%m/%d %H:%M:%S: :<<',
  RecordEnd:' milliseconds',
  regex:'((?<=remote address: )[\\d\\.]+)|((?<=Path Name: )[^ ]+)|((?<=\\<\\< Service Name: )[^,]+)|((?<=Response Time: )[^ ]+)|((?<=\\<model\\>)([a-zA-Z0-9]+))|((?<=\\<userid\\>)([0-9]+))',
  separator:'~'
)
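The lookbehind alternation above, exercised with Python's re module as an added example (not Striim code, and not a statement of how FreeFormTextParser emits its fields). The group names, the extract function and the NO_MODEL variant are assumptions introduced for illustration; the sample record is constructed from the log entry on this page.

```python
import re

# The page's pattern with TQL string escaping removed (\\d becomes \d, \\< becomes <).
# Each alternative is wrapped in a named group (names are assumptions for this
# example) so every match can be labelled by the alternative that produced it.
PATTERN = re.compile(
    r"(?P<remote_address>(?<=remote address: )[\d.]+)"
    r"|(?P<path_name>(?<=Path Name: )[^ ]+)"
    r"|(?P<service_name>(?<=<< Service Name: )[^,]+)"
    r"|(?P<response_time>(?<=Response Time: )[^ ]+)"
    r"|(?P<model>(?<=<model>)[a-zA-Z0-9]+)"
    r"|(?P<userid>(?<=<userid>)[0-9]+)"
)

# Constructed sample record, taken from the log entry shown on this page.
RECORD = (
    ">> 2015/1/14 16:20:10: :<< Received request from remote address: 123.45.6.789\n"
    ">> 2015/1/14 16:20:10: :<< Path Name: $name1, Class Name: CLASS-1\n"
    ">> 2015/1/14 16:20:11: :<< Service Name: Service_1, Response Time: 123.456789 milliseconds\n"
    "<model>E</model>\n"
    "<userid>0000000103</userid>\n"
)

# Constructed variant: the same record with the optional <model> element absent.
NO_MODEL = RECORD.replace("<model>E</model>\n", "")


def extract(record):
    """Return (field, value) pairs in the order the matches appear in the record."""
    return [(m.lastgroup, m.group()) for m in PATTERN.finditer(record)]


if __name__ == "__main__":
    for label, rec in (("full record", RECORD), ("model missing", NO_MODEL)):
        pairs = extract(rec)
        print(label)
        # Positional view: only the match order identifies a field, so a missing
        # element shifts every later value one slot to the left.
        print("  by position:", [value for _, value in pairs])
        # Labelled view: each value stays tied to the alternative that matched it.
        print("  by field:   ", dict(pairs))
    # As written, the Path Name alternative [^ ]+ stops at the first space,
    # so the captured value keeps the trailing comma: "$name1,".
```

Downstream detection or audit logic that reads these fields by position should account for records where an element is absent, since the user ID then occupies the slot where the model normally appears.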