Filter Out Based on a Non-Matching Regular Expression (Syntax)
Query
method != /(PUT
| POST)/
Introduction
Typically a regular expression is used to filter events based on a value that the regular expression matches. The opposite can also be achieved, filtering events by those that do not match the regular expression.
This example searches weblog data looking for events where the method does not match a specied value.
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[/Filter/] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
method != /(PUT | POST)/
This line performs a negative regular expression match, returning only the events where the method does not match either
PUT
orPOST
. Event Result set.
Summary and Results
This format of the query can be a simple way to perform a negative regular expression match, or more specifically, returning a list of the events that do not match the given regular expression.