From 704a1145d64532df36624a3c9850b0c86f38f76f Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Two additional and potentially useful modes exist: in one (BLANK) a blank string +
Three additional and potentially useful modes exist: in one (BLANK) a blank string is returned. This is probably useful for inserting values into databases where no -value shall be inserted if the expression could not be found. A use case may be +value shall be inserted if the expression could not be found. +
A similar mode is "ZERO" where the string "0" is returned. This is suitable +for numerical values. A use case may be that you record a traffic log based on firewall rules and the "bytes transmitted" counter is extracted via a regular expression. If no "bytes transmitted" counter is available in the current message, it is probably a good idea to return an empty string, which the @@ -23,6 +25,15 @@ it shall be logged. checker and generator to see these options in action. With that online tool, you can craft regular expressions based on samples and try out the different modes. +
Mode | Returned |
DFLT | "**NO MATCH**" |
BLANK | "" (empty string) |
ZERO | "0" |
FIELD | full content of original field |
Interactive Tool |