在我们高效的 Splunk 环境中,我们在一个特殊应用程序中拥有超过一百个自行开发的用例,我们希望进一步将其导出到专用于其他客户的集群等。
在我们高效的 Splunk 环境中,我们在一个特殊应用中拥有超过一百个自行开发的用例,我们希望进一步将其导出到专用于其他客户等的集群。savedsearches.conf 被拆分到默认文件夹和本地文件夹中,我们希望通过 预先合并它们 splunk btool --app=our_fancy_usecases savedsearches list > searches.conf
。因此,生成的配置文件将如下所示:
[Stanza #1]
some.config = some settings
description = just a few words
some.other.config = more settings
search = this is
| a well
| formatted search
[Stanza #2]
some.config = 1
description = This is taking
a lot of words
to explain
this time.
some.other.config = 2
search = a lot
of searching
to do
[This is yet another stanza]
the.end = nigh
btool 的问题在于原始配置文件中缺少反斜杠 (\'\'),这表示某一行实际上是一个多行值。每个设置都可以是一个多行值,但不一定非要如此。当缺少反斜杠时,Splunk 将只读取该设置的配置直到行结束,即对于第一个 Stanza,Splunk 中的搜索最终只会显示 this is
,缺少以下两行。也就是说,配置文件应该如下所示:
[Stanza #1]
some.config = some settings
description = just a few words
some.other.config = more settings
search = this is \
| a well\
| formatted search
[Stanza #2]
some.config = 1
description = This is taking \
a lot of words\
to explain\
this time.
some.other.config = 2
search = a lot \
of searching \
to do
[This is yet another stanza]
the.end = nigh
遗憾的是,btool 缺乏保留这些反斜杠的功能,因此我尝试使用 sed 或任何可以完成这项工作的工具来恢复它们。
我首先研究了如何使用正则表达式来获取需要更改的行。Stanza 总是放在括号中 [
]
,而设置总是会有一个空格,后面跟着一个 =
空格,实际值前面还有一个空格。我想出了这个负面环视: \n(?!^[A-Za-z0-9._]+ = .*$|^\[.*\])
对于顶部的配置示例,这似乎很好地抓住了我在 regex101 中想要更改的内容。但是 #sed 不允许环视。#Perl 应该是一个选项,但这是我失败的地方:
perl -pe 's/\n(?![A-Za-z0-9._]+ = .*$|\[.*\]$)/\\\n/' test.conf > test.out ; cat test.out
[Stanza #1]\
some.config = some settings\
description = just a few words\
some.other.config = more settings\
search = this is\
| a well\
| formatted search\
[Stanza #2]\
some.config = 1\
description = This is taking\
a lot of words\
to explain\
this time.\
some.other.config = 2\
search = a lot\
of searching\
to do\
[This is yet another stanza]\
the.end = nigh\
遗憾的是,这根本不能按预期工作,只是在每一行中添加了一个反斜杠。我也对 #sed 进行了一些调整:
sed '/^[A-Za-z0-9._]\+ = .*$\|^\[.*\]$/! s/.*/&\\/' test.conf > test.out ; cat test.out
[Stanza #1]
some.config = some settings
description = just a few words
some.other.config = more settings
search = this is
| a well\
| formatted search\
[Stanza #2]
some.config = 1
description = This is taking
a lot of words\
to explain\
this time.\
some.other.config = 2
search = a lot
of searching\
to do\
[This is yet another stanza]
the.end = nigh
关于如何实现我的目标,您有什么想法吗?
perl -ne 'chomp;
print "\\" if ! /\S \s = \s \S | ^ \[ .* \] /x;
print "\n" if $. != 1;
print;
END { print "\n" }' < file
-n
逐行读取输入并运行每一行的代码;
主要的技巧是决定在查看 下一 行时是否打印反斜杠。为了实现这一点,我们不打印当前行后的换行符,因此当我们读入下一行时,我们仍然可以打印反斜杠。