具有多个匹配项的Logstash Grok模式 [英] Logstash Grok pattern with multiple matches

问题描述

我正在尝试编写一个grok表达式，该表达式将导致多个匹配项.我正在解析一条具有5个重复的相同模式的行.

I am attempting to write a grok expression that will result in multiple matches. I'm parsing a line that has 5 repetitions of the same pattern.

我已经能够使用正则表达式创建一个简单的模式，该模式将返回多个匹配项，但是看来Grok不能那样工作.我不太了解Ruby，所以还没有真正检查过代码.

I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. I don't really understand Ruby so I haven't really inspected the code.

示例输入:

222444555

模式:

(?<number>\d{3})*

我会期望这样的输出:

"number" : [
    [
        "222", "444", "555"
    ]
]

或类似的东西.在格罗克这可能吗?我知道我可以将模式重复三次，但是在某些行上重复的次数是未知的.

or something like that. Is this possible in Grok? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions.

有指针吗?

推荐答案

我采用了另一种方法.我用grok提取了重复行的一部分.然后，我使用了 ruby​​ {} 过滤器，使用扫描功能将行切成段:

I took a different approach. I used grok to extract the part of the line that was repeating. Then I used a ruby {} filter to chop the line up into parts using the scan function:

ruby {
    code => "event.put('segment', event.get('segments').scan(/.{3}/))
}

效果非常好，因为它在segment属性中创建了一个数组，然后在该字段上执行 split {} ，我得到了想要的多个事件.

That worked really well as it created an array in the segment property, then followed by split {} on that field I got the multiple events that I wanted.

这篇关于具有多个匹配项的Logstash Grok模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！