0

我的日志中有一些信息如下:

" .....响应已过:00:00:00.0194215....

.....响应已过:00:00:05.0174875....

.....响应已过:00:00:11.5434871....

.....响应已过:00:00:01.342283...."

我想搜索经过时间> 5秒的结果,在上述信息中,结果应该是

响应时间:00:00:11.5434871

响应时间:00:00:05.0174875

我试过“ | Regex”/^Response Elapsed: 00:00:00.0[5-9]/“ ”,但它不起作用。

4

1 回答 1

0

It's probably easier to find a regular expression for the negative case than the positive one. Your example regex could be made to work for 5-9 seconds, but what about a minute and 5-9 seconds, etc? Try this:

... | regex _raw!="Response Elapsed: 00:00:0[0-4]\.\d+" | ...
于 2018-04-13T11:58:14.883 回答