Parse directory name regex

Sonne · December 9, 2015, 5:48pm

Hello. I have the logline
2015.10.05 18:32:25.913:Process cannot access the file 'file.txt' because it is being used by another process

I have written the grok:

(?m)%{YEAR:year}.%{MONTHNUM:month}.%{MONTHDAY:day}%{SPACE}%{TIME:time}:%{GREEDYDATA:text}

I need to parse name of directory in the brackets : . I need only parse a directory name after "Log" folder. Directory name could be named as 3-digit name. Folder's name should be written to "fldrname" field. After parsing

need to be deleted from @message. I will be appreciate for any help.

magnusbaeck · December 9, 2015, 6:05pm

So you want C:\AR\Log\178 in the fldrname field? Match everything in the string up until the last backslash. The last backslash is the backslash that isn't followed by another backslash. Untested suggestion:

%{GREEDYDATA:fldrname}\\[^\\]+$

Sonne · December 10, 2015, 1:13am

I want only 178 in fldrname

magnusbaeck · December 10, 2015, 6:42am

Slight variation then:

%{GREEDYDATA}\\(?<fldrname>[^\\]+)\\[^\\]+$

Sonne · December 10, 2015, 8:39am

Thank you. It's working.