我希望使用reqular表达式脚本转换我的nginx日志,如下所示:
原始日志:
07.21.99.178 - - [01/Jun/2012:12:06:23 +0530] "GET /api?playSessionId=live_21_bc206d95-113f-4b49-989b-7dff77af51c410.190.217.2111338532565422 HTTP/1.1" 200 71 "-" "Jakarta Commons-HttpClient/3.1"
我希望 playSessionId 作为我使用以下脚本的输出:
#!/usr/bin/env ruby
mon={"Jan" => '01',"Feb" => '02',"Mar" => '03',"Apr" => '04',"May" => '05',"Jun" => '06',"Jul" => '07',"Aug" => '08',"Sep" => '09',"Oct" => '10',"Nov" => '11',"Dec" => '12'}
STDIN.each_line do |line|
if line =~ /([d+|.]+) (d+)/(w+)/(d+):(d+):d+:d+ +d+] "GET /api?playSessionId=(^&*)/
d = "#{$3}-#{mon$2}-#{$1}"
h = $4
pid = $5
puts "#{d}t#{h}t#{pid}"
end
end
但这似乎行不通:(有人可以告诉我 Java 正则表达式,以便我可以在 Hive 上起诉 Rlike?
我想你想要这个:
/([d+|.]+) (d+)/(w+)/(d+):(d+):d+:d+ +d+] "GET /api?playSessionId=([^ &]+)/
您可能希望为此作业使用标准 unix 工具(grep + sed):
grep 'playSessionId=' foo.log | sed 's/^.*playSessionId=([^ ]*).*$/1/'
我认为你的正则表达式太复杂了。这将完成这项工作:
playSessionId=(.*)s