0

我试图从字符串中提取相同的数据(但在不同的“块”中多次。用例是在 Fluentd 中解析来自 Fastly 的 Syslog 消息。

我有这个日志行:

2015-08-27T12:36:58Z cache-foo1234 Name[123456]: 4.151.22.16 "-" "-" POST /api/v1/foo/61ea23fb-53fb-4364-a892-349fdf5f6dca/event?release_type=store&version=2%2E0%2E1&os=ios&device_os_version=8%2E4&device_type=iphone 304 MISS BC942858-64FA-4101-BAE1-19272490697F iPhone 5S

到目前为止,这个正则表达式(Ruby Regex):

^(?<time>[^ ]*) (?<fastly_server>[^ ]*) (?<log_name>[^ ]*) (?<host>[^ ]*) (?<na>[^ ]*) (?<na2>[^ ]*) (?<http_method>[^ ]*) (?<http_request>[^ ]*) (?<http_status>[^ ]*) (?<cache_status>[^ ]*) (?<uuid>[^ ]*) *(?<device_model>.*)$

这给了我:

  • time2015-08-27T12:36:58Z
  • fastly_server 缓存-foo1234
  • log_name 姓名[123456]:
  • host 4.151.22.16
  • http_method邮政
  • http_request /api/v1/foo/61ea23fb-53fb-4364-a892-349fdf5f6dca/event?release_type=store&version=2%2E0%2E1&os=ios&device_os_version=8%2E4&device_type=iphone
  • http_status304
  • cache_status 错过
  • uuid BC942858-64FA-4101-BAE1-19272490697F
  • device_model iPhone 5S

这是完美的,但我怎么能回去提取即。61ea23fb-53fb-4364-a892-349fdf5f6dcaevent以及device_os_version来自具有相同正则表达式的相同字符串的值?

4

1 回答 1

0

这是更新的正则表达式:

^(?<time>[^ ]*) (?<fastly_server>[^ ]*) (?<log_name>[^ ]*) (?<host>[^ ]*) (?<na>[^ ]*) (?<na2>[^ ]*) (?<http_method>[^ ]*) (?<http_request>\/api\/v\d+\/foo\/(?<guid>[^\/]+)\/(?<event>[^\/?]+)[^ ]*device_os_version=(?<devosver>[^=&]+)[^ ]*) (?<http_status>[^ ]*) (?<cache_status>[^ ]*) (?<uuid>[^ ]*) *(?<device_model>.*)$

查看演示

(?<http_request>)我刚把你的部分换成

(?<http_request>\/api\/v\d+\/foo\/(?<guid>[^\/]+)\/(?<event>[^\/?]+)[^ ]*device_os_version=(?<devosver>[^=&]+)[^ ]*)
                ^----------------^^-----GUID-------^^--event-------^     ^-------OS Version--------   -------^
于 2015-08-27T23:11:50.343 回答