如何使这个正则表达式起作用?
[英]How do I make this regular expression work?
问题描述
I'm creating my own ELK dashboard to monitor my finances.
我正在创建自己的 ELK 仪表板来监控我的财务状况。
I got completely wiped out this year, a combination of many things, but most likely just poor fiscal responsibility.今年我完全被淘汰了,这是很多事情的结合,但很可能只是财政责任不佳。
Anyway;反正;
I'm a regex newb, and I'm having a hard time with this.我是正则表达式新手,对此我很难过。
Is there a way to quickly match strings with many trailing and leading whitespaces?有没有办法快速匹配带有许多尾随和前导空格的字符串?
Here are my characters:这是我的角色:
Account: ************0000 Purchase Amount: $10.00 Transaction Date: November 10, 2022 Transaction Description: UBER *TRIP HELP.UBER.C
Here's what I am trying in regexr.com这是我在 regexr.com 中尝试的内容
(?<account>(?<=Account:)(.*)(?=\s*Pur)) And my results contain a lot of whitespaces: (?<account>(?<=Account:)(.*)(?=\s*Pur))我的结果包含很多空格:
************0000
I'd like to have all the transaction $KEY:$VALUE pairs as named captures for grok filtering my bank transactions.我想将所有交易 $KEY:$VALUE 对作为命名捕获,以便 grok 过滤我的银行交易。
The results should be:结果应该是:
(?<account>($StackOverFlowSuperChargedRegex)
**************0000
Here is my regxr.com workspace link: regexr.com/736tg这是我的 regxr.com 工作区链接: regexr.com/736tg
EDIT: I am applying this grok pattern to an elastic search ingest pipeline, but I am not opposed to using it for a logstash ingest.编辑:我将此 grok 模式应用于弹性搜索摄取管道,但我不反对将其用于 logstash 摄取。
EDIT 2: @Paulo编辑 2:@Paulo
Here is the content field after applying trim and gsub (without the dissect processor applied)这是应用 trim 和 gsub 后的内容字段(未应用解剖处理器)
"content": "View Online Hello, As requested, we’re letting you know that a purchase of $10.00 was made on your RBC Royal Bank credit card account ************0000 on November 12, 2022 towards UBER *TRIP HELP.UBER.C. If you don’t recognize this transaction, please call us at 1‑800‑769‑2512 (available 24/7) and we’ll be happy to help. Account: ************0000 Purchase Amount: $10.00 Transaction Date: November 12, 2022 Transaction Description: UBER *TRIP HELP.UBER.C Thank you! - Privacy & Security | Legal - RBC Royal Bank | Royal Bank of Canada RBC WaterPark Place, 88 Queens Quay West, 12th Floor, Toronto, ON, M5J 0B8, Canada www.rbcroyalbank.com. ®/TM Trademark(s) of Royal Bank of Canada. RBC and Royal Bank are registered trademarks of Royal Bank of Canada. © Royal Bank of Canada 2022 - Communicating Safely Online Regular, unencrypted email is not secure. You should never include personal or confidential information in a regular email. Be careful when opening messages, links or attachments received through digital channels, including regular emails, text messages and social media messages. If you receive a message that appears to be from RBC that is suspicious please report it to us and then delete it. Do not provide personal information like passwords. Need Help? To discuss your personal information with us safely, visit our customer service page. Please note this email was sent from an unmonitored inbox. Do not reply. For current scam alerts and tips to protect yourself visit: RBC Cyber Security | Active Scam Alerts "
},
"_ingest": {
"timestamp": "2022-11-25T11:18:28.621402003Z"
}
2 个解决方案
解决方案1
0 已采纳 2022-11-25 10:27:11
Tldr Tldr
Not using Grok , but I feel It may help不使用Grok ,但我觉得它可能有帮助
Solution解决方案
POST /_ingest/pipeline/_simulate
{
"pipeline": {
"description": "_description",
"processors": [
{
"trim": {
"field": "message"
}
},
{
"gsub": {
"field": "message",
"pattern": """\s+""",
"replacement": " "
}
},
{
"dissect": {
"field": "message",
"pattern": "Account: %{account} Purchase Amount: %{amount} Transaction Date: %{date} Transaction Description: %{description}"
}
}
]
},
"docs": [
{
"_source": {
"message": " Account: ************0000 Purchase Amount: $10.00 Transaction Date: November 10, 2022 Transaction Description: UBER *TRIP HELP.UBER.C
"
}
}
]
}
解决方案2
0 2022-11-25 11:58:48
Fixed via @Paulo and updating my grok patterns;通过@Paulo 修复并更新我的 grok 模式; not the most efficient/elegant solution but it works well enough.不是最有效/优雅的解决方案,但效果很好。
PUT _ingest/pipeline/fscrawler
{
"version": 1,
"processors": [
{
"trim": {
"field": "content",
"ignore_missing": true
}
},
{
"gsub": {
"field": "content",
"pattern": "\\s+",
"replacement": " "
}
},
{
"grok": {
"field": "content",
"patterns": [
"(?<account>(?<=Account:\\s)(.*)(?=\\sPurchase))"
],
"trace_match": true,
"ignore_missing": true,
"ignore_failure": true
}
},
{
"grok": {
"field": "content",
"patterns": [
"(?<amount>(?<=Amount:\\s)(.*)(?=\\sTransaction\\sDate))"
],
"trace_match": true,
"ignore_missing": true,
"ignore_failure": true
}
},
{
"grok": {
"field": "content",
"patterns": [
"(?<transaction_date>(?<=Transaction\\sDate:\\s)(.*)(?=\\sTransaction\\sDescription))"
],
"trace_match": true,
"ignore_missing": true,
"ignore_failure": true
}
},
{
"grok": {
"field": "content",
"patterns": [
"(?<transaction_description>(?<=Transaction\\sDescription:\\s)(.*)(?=\\sThank))"
],
"trace_match": true,
"ignore_missing": true,
"ignore_failure": true
}
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.