我有一个复杂的grok过滤器表达式。。。有可能得到这个过滤器转换成的正则表达式吗?
您可以使用一个简单的Perl脚本来完成这项工作,该脚本读取模式文件,并用它所基于的实际正则表达式替换%{PATTERN}内容——您需要对其进行一些自定义,但它展示了如何做到这一点:
#!/usr/bin/perl
# this is the path to your grok-patterns file
open(F,"patterns/grok-patterns");
while (<F>) {
chomp;
if (/^(S+) (.*)/) {
$pattern{$1} = $2;
}
}
close(F);
# this is the grok pattern I want to expand
$pattern='%{IP:junk} %{COMBINEDAPACHELOG:junk2}';
while ($pattern =~ /(%{([^:}]+):?[^}]*})/) {
$name = $2;
substr($pattern,$-[0],$+[0]) = $pattern{$name};
}
print $pattern,"n";