如何查找日志中的消息部分.和-



我的ceph集群中有不同的bucket名称,但我只能查找名称中没有任何特殊字符的bucket。

所以我可以找到这个:

2021-07-06T13:57:38.036+0700 7feda336b700  1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /streaming/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -

使用这个过滤器

%{TIMESTAMP_ISO8601:LogTimestamp}] "%{WORD:request_method} /%{WORD:bucketname}%{URIPATHPARAM:request} HTTP/1.1" %{NUMBER:httprespcode:int}

我可以得到我想要的方法,名称,代码,桶名

但是,如果桶名称类似于";一些事物;

2021-07-06T13:57:38.036+0700 7feda336b700  1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /some..thing/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -

或";一些事情";

2021-07-06T13:57:38.036+0700 7feda336b700  1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /some-thing/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -

我比不上。诀窍是什么?

%{TIMESTAMP_ISO8601:LogTimestamp}] "%{WORD:request_method} (?<interface>/{0,1}[a-zA-Z0-9]*)(?<interface_version>/{0,1}[a-zA-Z0-9]*)/(?<bucketname>(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]).{1,})*([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))%{URIPATHPARAM:request} HTTP/1.1" %{NUMBER:httprespcode:int}

相关内容

  • 没有找到相关文章

最新更新