我有两条日志行,如下所示:
[2020-04-01][14:57:31]E: Step 8/13: Main workflow (Python) (8m:48s)
[2020-04-01][15:14:02]W: Cannot find Latest build with tag: 'ArtifactSizeBaseline' to calculate metric 'total artifacts size'.
和一个类似的匹配字符串
%{DATE:EventDate}][%{TIME:EventTime}](s+)?%{WORD:Loglevel}:(s+)?%{DATA:Step}:(s+)%{GREEDYDATA:EventMessage}
对于语句一,我的输出应该是这样的:
{'EventDate':'2020-04-01', 'EventTime':'14:57:31', 'LogLevel':'E', 'Step':'Step 8/13', 'EventMessage':'Main workflow (Python) (8m:48s)'}
理想情况下,第二个日志行不包含步骤。因此,输出应该看起来像
{'EventDate':'2020-04-01', 'EventTime':'15:14:02', 'LogLevel':'W', 'Step':'', 'EventMessage':'Cannot find Latest build with tag: 'ArtifactSizeBaseline' to calculate metric 'total artifacts size'.'}
但我得到的是这个
{'EventDate':'2020-04-01', 'EventTime':'15:14:02', 'LogLevel':'W', 'Step':'Cannot find Latest build with tag: ', 'EventMessage':''ArtifactSizeBaseline' to calculate metric 'total artifacts size'.'}
匹配字符串有办法区分这两条日志行吗?
此正则表达式匹配两行:
%{DATE:EventDate}][%{TIME:EventTime}](s+)?%{WORD:Loglevel}:s+((?=Stepsb)%{DATA:Step}:)?s?%{GREEDYDATA:EventMessage}
如果发现单词"Step"后面跟着空白和数字,它将使用正向前瞻以及可选的DATA提取。
在该站点测试两条线路:
https://grokconstructor.appspot.com/do/match
我希望我能帮助你。