Clayton Dukes <cdukes@gmail.com> writes:
Hi Gergely, I'm trying to understand this :-)
Where are the delimiters in the above example? How does it know to split at a double colon? How does it know to split at the equal?
Duh! I forgot to include them (so it defaults to whitespace). Add a delimiters(":") to the first, and delimiters("=") to the second. Sorry!
Are they just assumed delimiters because they are non-alpha characters?
The folks I am working on this for changed the message format a bit yesterday, so now messages appear as (example): Nov 14 15:26:30 somehostname startofmessage: %SYS-3-LOW_THRESHOLD:DEVICENAME Original Address=192.168.1.1 LOW_THRESHOLD_EVENT - 0 AUTHORIZED sessions
This'll be a little harder to do with csv-parser, but not impossible! You'd need to split on "=" first (into, say, csv.first_part and csv.second_part). Then split the first part on whitespace (into csv.cisco_thingy, and some dummy), then split the second part on whitespace (into csv.ip and csv.message). -- |8]