stackoom
  简体   繁体   中英

Grok “or” around multiple “or” patterns?

 原文  2018-11-09 18:07:24       regex/ logstash/ logstash-grok

Question

Is this possible.

I don't have the regex to hand, but in "pseudo" regex i have so far is: 

(Client_id:IP) | (Cient_id:IPPORT)

This works, if it is an IP alone, it matches. If it an IP:PORT it matches. But what I want is: 

((Client_id:IP) | (Cient_id:IPPORT))  |   ((somethingElse:ANOTHERGROK ) | (soemthingElse:ANOTHERGROK2))

I've tried lots of combinations but nothing works so far.

1 answers

solution1
 1  2018-11-09 19:49:02

There are lots of complex regular expressions in the built-in patterns. Looking there can sometimes yield good results.

For you, I noticed [HTTPD_COMMONLOG][1] , which contains:

%{NUMBER:response} (?:%{NUMBER:bytes}|-)

So you can see how they combine one pattern ("response") with another pattern that contains the "or" ("bytes").

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Custom grok patterns - matching multiple patterns Multiple custom grok patterns not matching, but they successfully match alone? Use of ?> in Logstash Grok patterns Chaining grok filter patterns for logstash Logstash - Grok filter - Is it possible to name aggregated patterns How to skip the beginning of a message with Grok Patterns? Logstash - Grok - Exception on multiple lines Logstash Grok pattern with multiple matches Grok Pattern to Parse Multiple loglines Need information on Grok patterns that use non capturing group (?: )
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM