Parsing SOAP entries
We will use the FreeFormTextParser regex property to match several patterns in the following log entry:
>> 2015/1/14 16:20:10: :<< Received request from remote address: 123.45.6.789 >> 2015/1/14 16:20:10: :<< Path Name: $name1, Class Name: CLASS-1 >> 2015/1/14 16:20:11: :<< Service Name: Service_1, Response Time: 123.456789 milliseconds <model>E</model> <userid>0000000103</userid> ...
In this case we also use a positive lookbehind construct to match the remote address, path name, service name, model, and user ID:
regex:'((?<=remote address: )[\\d\\.]+)|((?<=Path Name: )[^ ]+)|((?<=\\<\\< Service Name: )[^,]+)| ((?<=Response Time: )[^ ]+)|((?<=\\<model\\>)([a-zA-Z0-9]+))|((?<=\\<userid\\>)([0-9]+))',
Here is the TQL of the PARSE statement using the regex expression within a FreeFormTextParser:
PARSE USING FreeFormTextParser ( RecordBegin:'Start>>> POST INPUT', TimeStamp:'>> %yyyy/%m/%d %H:%M:%S: :<<', linecontains:'>> %yyyy/%m/%d %H:%M:%S: :<<', RecordEnd:' milliseconds', regex:'((?<=remote address: )[\\d\\.]+)|((?<=Path Name: )[^ ]+)| ((?<=\\<\\< Service Name: )[^,]+)| ((?<=Response Time: )[^ ]+)|((?<=\\<model\\>)([a-zA-Z0-9]+))| ((?<=\\<userid\\>)([0-9]+))', separator:'~' )