2

I'm having trouble matching a single quote, ' , or putting it in a character group in a Sumologic query.

For example, my query might look like

_sourceCategory="some_category" | where url matches /^\/stuff\/[\w']+\/.*/ and other_field="some_value"

The problem with this is that Sumologic will turn the characters after the single quote all red, as if it is the start of a string. I've tried to escape it like [\w\']+ in my character group, and it doesn't work. I couldn't find any resources online about this. The closest thing I found is

https://help.sumologic.com/05Search/Get-Started-with-Search/Search-Basics/Reference_a_Field_with_Special_Characters

But I'm not sure how to correspond this to my type of query.

fooiey
  • 1,040
  • 10
  • 23

1 Answers1

2

It appears that Sumologic uses RE2 in the where clause, and in RE2, you can match any chars using hex character codes. So, you can use \x27 to match a ' char:

| where url matches /^\/stuff\/[\w\x27]+\/.*/

See the Go lang (that uses RE2 regex library) online regex demo.

Wiktor Stribiżew
  • 607,720
  • 39
  • 448
  • 563