Using the escape character

(wstlk) #1

How or what syntax is the standard for using the escape character in a literal?

"\\" tells me it doesn't apply to the following case

here I have a message string

"client ( query (cache) '' denied\n"

but shouldn't one be able to later use "\\n" for the ending of the string? I'd like to not to include the string "\n" as part of <?bindmsg> -- and I have things working, though here when it doesn't pass grok fails.(it fails for "\\n")

"client %{HOSTNAME:dcip}#([0-9]+) \(%{HOSTNAME:qry}\): ([\S]+) ([\S]+) ('[\S]+)/(?<qrystring>[^/]+)/([A-Za-z]+') (?<bindmsg>[\S]+)\n"
"client %{HOSTNAME:dcip}#([0-9]+) \(%{HOSTNAME:qry}\): ([\S]+) ([\S]+) ('[\S]+)/(?<qrystring>[^/]+)/([A-Za-z]+') ((?<bindmsg>[\S]+)\\n)"

the fields get picked up nicely though I do now know why it is "\n" -- I'm used to using "\\" in other languages so this seems a bit counter intuitive


(system) #2