具有多个匹配项的Logstash Grok模式
我正在尝试编写一个grok表达式,该表达式将导致多个匹配项.我正在解析一条具有5个重复的相同模式的行.
I am attempting to write a grok expression that will result in multiple matches. I'm parsing a line that has 5 repetitions of the same pattern.
我已经能够使用正则表达式创建一个简单的模式,该模式将返回多个匹配项,但是看来Grok不能那样工作.我不太了解Ruby,所以还没有真正检查过代码.
I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. I don't really understand Ruby so I haven't really inspected the code.
示例输入:
222444555
模式:
(?<number>\d{3})*
我会期望这样的输出:
"number" : [
[
"222", "444", "555"
]
]
或类似的东西.在格罗克这可能吗?我知道我可以将模式重复三次,但是在某些行上重复的次数是未知的.
or something like that. Is this possible in Grok? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions.
有指针吗?
我采用了另一种方法.我用grok提取了重复行的一部分.然后,我使用了 ruby {} 过滤器,使用扫描功能将行切成段:
I took a different approach. I used grok to extract the part of the line that was repeating. Then I used a ruby {} filter to chop the line up into parts using the scan function:
ruby {
code => "event.put('segment', event.get('segments').scan(/.{3}/))
}
效果非常好,因为它在segment属性中创建了一个数组,然后在该字段上执行 split {} ,我得到了想要的多个事件.
That worked really well as it created an array in the segment property, then followed by split {} on that field I got the multiple events that I wanted.