Logstash Grok pattern with multiple matches

Submitted by ♀尐吖头ヾ on 2021-01-08 02:39:03

Question


I am attempting to write a grok expression that will result in multiple matches. I'm parsing a line that has 5 repetitions of the same pattern.

I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. I don't really understand Ruby so I haven't really inspected the code.

Example input:

222444555

Pattern:

(?<number>\d{3})*

I would have expected output like this:

"number" : [
    [
        "222", "444", "555"
    ]
]

or something like that. Is this possible in Grok? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions.

Any pointers?


Answer 1:


I took a different approach. I used grok to extract the part of the line that was repeating. Then I used a ruby {} filter to chop the line up into parts using the scan function:

ruby {
    # event.set stores the array returned by scan in the 'segment' field
    code => "event.set('segment', event.get('segments').scan(/.{3}/))"
}

That worked really well, as it created an array in the segment property; then, followed by split {} on that field, I got the multiple events that I wanted.
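
The behaviour discussed above, as an added example in plain Ruby that runs outside Logstash (it is not code from the original question or answer). It shows why a repeated named group yields only one value, and a scan variant that reports input it could not consume instead of silently dropping it. The function names and sample lines are constructed for illustration.

```ruby
# A repeated named group keeps only its last iteration, which is why the
# pattern from the question cannot return every repetition.
def repeated_group_capture(line)
  m = /\A(?<number>\d{3})*\z/.match(line)
  m && m[:number]
end

# Contiguous fixed-width digit segments from the start of the line.
# \G anchors each match to the end of the previous one, so scanning stops
# at the first chunk that is not exactly `width` digits. The unconsumed
# tail is returned so a pipeline can tag malformed lines.
def fixed_width_segments(line, width = 3)
  segments = line.scan(/\G\d{#{width}}/)
  leftover = line[(segments.length * width)..-1]
  [segments, leftover]
end

# Mimics what the split filter does with an array field:
# one event per element, other fields copied.
def split_events(event, field)
  event[field].map { |value| event.merge(field => value) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample lines: well-formed, short tail, non-digit in the middle.
  ["222444555", "22244455", "222x44555"].each do |line|
    segments, leftover = fixed_width_segments(line)
    puts "#{line}: group=#{repeated_group_capture(line).inspect} " \
         "segments=#{segments.inspect} leftover=#{leftover.inspect}"
  end
  p split_events({ "host" => "example", "segment" => %w[222 444 555] }, "segment")
end
```
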



Source: https://stackoverflow.com/questions/41385831/logstash-grok-pattern-with-multiple-matches
