Fluentd source log format regex
Question
Good day! I have logs of this format:
[14-10-2016 00:00:04,004 INFO WebService:1603] [172.16.1.10] [0000077000013] [ID=N0000077000013] [N=147639237688] REQUEST getStatus
I came up to this regex:
/(?<time>\d{1,2}-\d{1,2}-\d{4} \d{1,2}:\d{1,2}:\d{1,2},\d{3}) (?<message1>[=]+) .(?<ID>ID=\w*) .(?<N>N=\w*) (?<messages>.*)/
I want to identify date, part from INFO till ID=, ID, N, and last part, but fluentd returns me "pattern not match". Each part of regex is working separately on fluentular regex testing site.
What would be a regex? Thank you.
1 answers
solution1
1 ACCPTED 2016-10-19 08:04:33
You may use
(?<time>\d{1,2}-\d{1,2}-\d{4} +\d{1,2}:\d{1,2}:\d{1,2},\d{3}) +(?<message1>[A-Z]+) .*\[ID=(?<ID>\w+)] +\[N=(?<N>\w+)] (?<messages>.*)
See the regex demo
Note that I added + after the spaces to match 1 or more occurrences, and adjusted group boundaries for ID and N groups.
Also, your message1 group pattern [=]+ matches 1+ = symbols, while you have INFO string there. I changed it to [AZ]+ to match 1 or more uppercase ASCII letters.
And finally, since there is text between group message1 and ID , you need to make sure to consume those characters, thus, I used .* (any 0+ chars other than linebreak symbols).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.