tstack/lnav

Regex exact match for filter possible?

Closed this issue · 4 comments

Maybe I am doing something wrong but is it not possible to define a filter for an exact string?

I want to search for exact this string "DPT=465" in syslog for firewall destination ports.

I have tried the following:

  • filter-in DPT=465 with the result that lnav show me this string and all with DPT=465 example DPT=46512
  • filter-in {DPT=465} show me nothing

Why I can't define an exact string, what I'm doing wrong?

Filtering is based on string matching so it's natural that searching for DPT=465 will find DPT=46512 and anything else that contains the string DPT=465.
If you want to exclude DPT=46512 and other occurrences of this type you should use regular expression like DPT=465[^\d]|\n which mandates that after the string DPT=465 the next character cannot be a digit. See https://regex101.com/r/pIihZs/1

Even simpler: DPT=465\b. The \b means "word break", and matches a position where a "word" ends, that is, right before a space character, punctuation, etc, or at EOL.

I could have guessed that... Thanks, that works perfectly for me.

Thanks for the responses, I've added an FAQ with the answer from @dch-cap-rx .