具有多个匹配项的Logstash Grok模式
[英]Logstash Grok pattern with multiple matches
问题描述
I am attempting to write a grok expression that will result in multiple matches. 
我试图写一个grok表达式,它将导致多个匹配项。 I'm parsing a line that has 5 repetitions of the same pattern. 我正在解析具有5个相同模式重复的行。
I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. 我已经能够使用正则表达式创建一个简单的模式,该模式将返回多个匹配项,但是Grok似乎无法正常工作。 I don't really understand Ruby so I haven't really inspected the code. 我不太了解Ruby,所以还没有真正检查过代码。
Example input: 输入示例:
222444555
Pattern: 图案:
(?<number>\d{3})*
I would have expected output like this: 我本来期望这样的输出:
"number" : [
[
"222", "444", "555"
]
]
or something like that. 或类似的东西。 Is this possible in Grok? 在格罗克这可能吗? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions. 我知道我可以将模式重复三次,但是在某些行上重复的次数是未知的。
Any pointers? 有指针吗?
1 个解决方案
解决方案1
0 已采纳 2017-01-03 18:53:22
I took a different approach. 我采取了不同的方法。 I used grok to extract the part of the line that was repeating. 我用grok提取了重复的部分行。 Then I used a ruby {} filter to chop the line up into parts using the scan function: 然后,我使用ruby {}过滤器使用扫描功能将线切割成多个部分:
ruby {
code => "event.put('segment', event.get('segments').scan(/.{3}/))
}
That worked really well as it created an array in the segment property, then followed by split {} on that field I got the multiple events that I wanted. 效果很好,因为它在segment属性中创建了一个数组,然后在该字段上进行split {} ,我得到了想要的多个事件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.