I have a dataset with a column with processes and the path. I am trying to use regex with Impala to strip off the executable. The dataset looks like this:
x
C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exeC:\Windows\System32\net1.exeC:\Windows\System32\schtasks.exeC:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exeC:\Windows\System32\backgroundTaskHost.exeC:\Windows\System32\net.exeC:\Windows\System32\conhost.exeC:\Program Files (x86)\Wireless AutoSwitch\wrlssw.exeDesired output:
svchost.execonhost.exenet1.exeschtasks.exeSelfService.exebackgroundTaskHost.exenet.execonhost.exewrlssw.exeI have tried many queries like the two below but keep running into errors
select regexp_extract(w.destinationprocessname, '([^\]+)$')from winworkstations_realtime wwhere w.externalid = '4688'limit 10Error:
AnalysisException: No matching function with signature: regexp_replace(STRING, STRING).select regexp_extract(w.destinationprocessname, '\(?:.(?!\))+$',0)from winworkstations_realtime wwhere w.externalid = '4688'limit 10Error:
Could not compile regexp pattern: (?:.(?!))+$ Error: invalid perl operator: (?!Looking for some guidance from anyone that is good with impala or regex.
Advertisement
Answer
Not being a regex expert, I am sure there is a better way but this does the work
select regexp_replace(regexp_extract("C:\Windows\\System32\\svchost.exe", ".+(\\.+)$", 1), "\\", "");