问题
I'm trying to parse a logfile using grok
Each line of the logfile has fields separated by commas:
13,home,ABC,Get,,Private, Public,1.2.3 ecc...
I'm using match like this:
match => [ "message", "%{NUMBER:requestId},%{WORD:ServerHost},%{WORD:Service},...
My question is: Can I allow optional field?
At times some of the fileds might be empty ,,
Is there a pattern that matches a string like this 2.3.5 ?
( a kind of version number )
回答1:
At it's base, grok is based on regular expressions, so you can surround a pattern with ()? to make it optional -- for example (%{NUMBER:requestId})?,
If there isn't a grok pattern that suits your needs, you can always create a named extraction like this: (?<version>[\d\.]+) which would extract into version, a string that has any number of digits and dots in it.
来源:https://stackoverflow.com/questions/30083719/logstash-optional-fields-in-logfile