透過集合功能整理內容
你可以依據偏好儲存及分類內容。
re.replace
re.replace(stringText, replaceRegex, replacementText)
說明
執行規則運算式取代作業。
這個函式需要三個引數:
stringText:原始字串。replaceRegex:表示要搜尋模式的規則運算式。replacementText:要插入每個相符項目的文字。
傳回衍生自原始 stringText 的新字串,其中所有符合 replaceRegex 模式的子字串都會替換為 replacementText 中的值。您可以在 replacementText 內使用反斜線逸出數字 (\1 到 \9),好在 replaceRegex 模式中插入與對應放入括號內群組相符的文字。請使用 \0 來參照完整的相符文字。
函式會取代非重疊相符項目,並優先取代找到的第一個相符項目。舉例來說,re.replace("banana", "ana", "111") 會傳回字串「b111na」。
參數資料類型
STRING、STRING、STRING
傳回類型
STRING
程式碼範例
範例 1
這個範例會擷取電子郵件中 @ 符號後的所有內容,將 com 取代為 org,然後傳回結果。請注意巢狀函式的使用方式。
"email@google.org" = re.replace($e.network.email.from, "com", "org")
範例 2
本範例在 replacementText 引數中使用反斜線逸出數字,參照 replaceRegex 模式的相符項目。
"test1.com.google" = re.replace(
$e.principal.hostname, // holds "test1.test2.google.com"
"test2\.([a-z]*)\.([a-z]*)",
"\\2.\\1" // \\1 holds "google", \\2 holds "com"
)
範例 3
處理空字串和 re.replace() 時,請注意下列情況:
使用空字串做為 replaceRegex:
// In the function call below, if $e.principal.hostname contains "name",
// the result is: 1n1a1m1e1, because an empty string is found next to
// every character in `stringText`.
re.replace($e.principal.hostname, "", "1")
如要取代空字串,可以使用 "^$" 做為 replaceRegex:
// In the function call below, if $e.principal.hostname contains the empty
// string, "", the result is: "none".
re.replace($e.principal.hostname, "^$", "none")
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-07-29 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-07-29 (世界標準時間)。"],[[["\u003cp\u003e\u003ccode\u003ere.replace\u003c/code\u003e is a function that performs regular expression replacement within a string.\u003c/p\u003e\n"],["\u003cp\u003eIt requires three string arguments: the original string, the regex pattern to match, and the replacement text.\u003c/p\u003e\n"],["\u003cp\u003eBackslash-escaped digits (\u003ccode\u003e\\1\u003c/code\u003e to \u003ccode\u003e\\9\u003c/code\u003e) can be used in the replacement text to insert text from captured groups in the regex pattern, with \u003ccode\u003e\\0\u003c/code\u003e representing the entire match.\u003c/p\u003e\n"],["\u003cp\u003eThe function prioritizes the first non-overlapping match found and replaces it, as seen in the "banana" example being changed to "b111na".\u003c/p\u003e\n"],["\u003cp\u003eUsing an empty string as the \u003ccode\u003ereplaceRegex\u003c/code\u003e will match next to every character, while \u003ccode\u003e"^$"\u003c/code\u003e is used to target and replace an empty string.\u003c/p\u003e\n"]]],[],null,["### re.replace\n\nSupported in: \n[Rules](/chronicle/docs/detection/default-rules) [Search](/chronicle/docs/investigation/udm-search) \n\n re.replace(stringText, replaceRegex, replacementText)\n\n#### Description\n\nPerforms a regular expression replacement.\n\nThis function takes three arguments:\n\n- `stringText`: the original string.\n- `replaceRegex`: the regular expression indicating the pattern to search for.\n- `replacementText`: The text to insert into each match.\n\nReturns a new string derived from the original `stringText`, where all\nsubstrings that match the pattern in `replaceRegex` are replaced with the value in\n`replacementText`. You can use backslash-escaped digits (`\\1` to `\\9`) within\n`replacementText` to insert text matching the corresponding parenthesized group\nin the `replaceRegex` pattern. Use `\\0` to refer to the entire matching text.\n\nThe function replaces non-overlapping matches and will prioritize replacing the\nfirst occurrence found. For example, `re.replace(\"banana\", \"ana\", \"111\")`\nreturns the string \"b111na\".\n\n#### Param data types\n\n`STRING`, `STRING`, `STRING`\n\n#### Return type\n\n`STRING`\n\n#### Code samples\n\n##### Example 1\n\nThis example captures everything after the `@` symbol in an email, replaces `com`\nwith `org`, and then returns the result. Notice the use of nested functions. \n\n \"email@google.org\" = re.replace($e.network.email.from, \"com\", \"org\")\n\n##### Example 2\n\nThis example uses backslash-escaped digits in the `replacementText` argument to\nreference matches to the `replaceRegex` pattern. \n\n \"test1.com.google\" = re.replace(\n $e.principal.hostname, // holds \"test1.test2.google.com\"\n \"test2\\.([a-z]*)\\.([a-z]*)\",\n \"\\\\2.\\\\1\" // \\\\1 holds \"google\", \\\\2 holds \"com\"\n )\n\n##### Example 3\n\nNote the following cases when dealing with empty strings and `re.replace()`:\n\nUsing empty string as `replaceRegex`: \n\n // In the function call below, if $e.principal.hostname contains \"name\",\n // the result is: 1n1a1m1e1, because an empty string is found next to\n // every character in `stringText`.\n re.replace($e.principal.hostname, \"\", \"1\")\n\nTo replace an empty string, you can use `\"^$\"` as `replaceRegex`: \n\n // In the function call below, if $e.principal.hostname contains the empty\n // string, \"\", the result is: \"none\".\n re.replace($e.principal.hostname, \"^$\", \"none\")"]]
