Regex - String within the first parenthesis of string

regex amazon-cloudwatch aws-cloudwatch-log-insights

I am trying to get an overview of the visitors of my website by using AWS Logs Insights.

My query looks like this:

fields @timestamp, @message
  | parse @message /(?<@ip>(?<=User-Agent)(.*)(?=X-Forwarded-Proto))/
  | stats count() as requestCount by @ip
  | filter ispresent(@ip)
  | sort requestCount desc

Some of the results are like this:

=Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/604.1,
=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15,

I am trying to get the string within the first parenthesis:

  • iPhone; CPU iPhone OS 15_1 like Mac OS X
  • Macintosh; Intel Mac OS X 10_15_7

I tried | parse @ip /(?<@device>(/\((.*?)\)/)/ from this answer but it doesn't work.

Any ideas how I could make it work?

Thank you!


Looking at the result for the given pattern, you might use another named capture group (instead of a lookarounds, you might also match the text):

User-Agent=[^()]*\((?<@device>[^()]*)\).*X-Forwarded-Proto

See a regex demo.

With both capture groups:

User-Agent(?<@ip>[^()]*\((?<@device>[^()]*)\).*X-Forwarded-Proto)

See another regex demo.

Related

What if the processor does not have special instructions for input and output
Python - How can I make this un-pickleable object pickleable?
Save the data in the UI of react in the form of file
How do I log in using the Git terminal?
Bug with iPhone data usage counter
iCloud save support in Grand Theft Auto: Vice City
iTunes 11 does not sync apps updated OTA
Siri and birthday events
Can a time capsule be set to sleep?
Finder: show video thumbnail for all kind of formats/containers
How to figure out what app is beeping at me?
Applications sometimes reopen at start-up in Mountain Lion