我想从以 Exception 结尾的字符串中获取前 10 个字符。 示例:我有这样的字段:
"ERRORMESSAGE" => "local exporter [default_local] - failed to delete indice
srnRemoteTransportException[[data-2][10.0.x.x:x300][indices:admin/delete]];
nested: IndexNotFoundException[no such index];rnCaused by: [.marvel-es-1-2017
.06.07] IndexNotFoundException[no such index]rn at org.elasticsearch.cl
uster.metadata.MetaDataDeleteIndexService$1.execute(MetaDataDeleteIndexService.j
ava:91)rn at org.elasticsearch.cluster.ClusterStateUpdateTask.execute(C
lusterStateUpdateTask.java:45)rn at org.elasticsearch.cluster.service.I
nternalClusterService.runTasksForExecutor(InternalClusterService.java:468)rn
at org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run
(InternalClusterService.java:772)rn at org.elasticsearch.common.util.co
ncurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndCl
ean(PrioritizedEsThreadPoolExecutor.java:231)rn at org.elasticsearch.co
mmon.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunna
ble.run(PrioritizedEsThreadPoolExecutor.java:194)rn at java.util.concur
rent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)rn at ja
va.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)r
n at java.lang.Thread.run(Thread.java:745)r",
我需要捕获以异常结尾的字符串的位置。为此,我使用了这个
grok {
match => ["ERRORMESSAGE", "(?<ExceptionType>{10}.Exception)"]
}
我在哪里找到以异常结尾的字符串的前 10 个字符,但我{:exception=>"RegexpError"收到此错误.另一个问题是,如果ERRORTYPE字段中有更多以异常结尾的字符串,那么上面的 grok 是否会产生两个或多个ExceptionType字段?
谢谢
正确的正则表达式是(?<ExceptionType>.{10}Exception)。量词({10}(必须在它量化的令牌(.(之前(至少我是这样理解的,我不是正则表达式专家(。
grok 筛选器将返回第一个匹配项。 在您的示例中,它将eTransportException.