I am trying to parse daemon logs from my Linux machine into Elasticsearch using fluentd, but I am having a hard time creating a regex pattern for it. Here are some lines from the daemon log:
Jun 5 06:46:14 user avahi-daemon[309]: Registering new address record for fe80::a7c0:8b54:ee45:ea4 on wlan0.*.
Jun 5 06:46:14 user dhcpcd[337]: wlan0: deleting default route via fe80::1e56:feff:fe13:2da
Jun 5 06:46:14 user dhcpcd[337]: wlan0: deleting route to 2402:3a80:9db:48da::/64
Jun 5 06:46:14 user dhcpcd[337]: wlan0: deleting address fe80::a7c0:8b54:ee45:ea4
Jun 5 06:46:14 user avahi-daemon[309]: Withdrawing address record for fe80::a7c0:8b54:ee45:ea4 on wlan0.
Jun 5 06:46:14 user avahi-daemon[309]: Leaving mDNS multicast group on interface wlan0.IPv6 with address fe80::a7c0:8b54:ee45:ea4.
As you can see from the logs above, first we have the time of the log entry, then the username and the daemon name, and then the message.
I want to create the following JSON format for the above logs:
{
"time": "Jun 5 06:46:14",
"username": "user",
"daemon": "avahi-daemon[309]",
"msg": "Registering new address record for fe80::a7c0:8b54:ee45:ea4 on wlan0.*."
}
{
"time": "Jun 5 06:46:14",
"username": "user",
"daemon": "dhcpcd[337]: wlan0",
"msg": "deleting default route via fe80::1e56:feff:fe13:2da"
}
Can anyone give me some help? Is there any tool I can use to generate the fluentd regex?
Edit:
I managed to get something matching from the logs, such as:
^(?<time>^(.*?:.*?):\d\d) (?<username>[^ ]*) matches Jun 5 06:46:14 user
But when I pass it in fluentular, it does not show any result.
Answer 0 (score: 1)
Try the regex: ^(?<time>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s(?<username>[^ ]+)\s+(?<daemon>[^:]+):\s+(?<message>.*)$
See Demo
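As an added example that is not part of the question or the answer: the answer's expression applied to the question's sample lines in Ruby, which is what fluentd's regexp parser is built on, so the (?<name>...) capture syntax is identical. The sample input is constructed inline from the lines in the question plus one deliberately malformed line, to show that non-matching lines are reported rather than silently dropped.

```ruby
require 'json'

# The expression from the answer above, written as a Ruby regexp. fluentd's
# regexp parser is Ruby-based, so the named captures (?<name>...) are the same
# syntax it accepts in a <parse> block.
SYSLOG_RE = /^(?<time>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s(?<username>[^ ]+)\s+(?<daemon>[^:]+):\s+(?<message>.*)$/

# Constructed sample input: the lines quoted in the question, plus one line
# that deliberately lacks the "daemon:" prefix to exercise the non-matching path.
SAMPLE_LOGS = <<~LOGS
  Jun 5 06:46:14 user avahi-daemon[309]: Registering new address record for fe80::a7c0:8b54:ee45:ea4 on wlan0.*.
  Jun 5 06:46:14 user dhcpcd[337]: wlan0: deleting default route via fe80::1e56:feff:fe13:2da
  Jun 5 06:46:14 user dhcpcd[337]: wlan0: deleting route to 2402:3a80:9db:48da::/64
  Jun 5 06:46:15 user this line has no daemon field
LOGS

# Returns a Hash of the named captures (string keys), or nil when the line
# does not match. nil instead of an exception lets the caller decide what to
# do with unparseable input, the same way fluentd reports a parse failure
# instead of emitting a half-filled record.
def parse_line(line)
  m = SYSLOG_RE.match(line)
  m && m.named_captures
end

# Parses every line of the text; unmatched lines are collected separately so
# they can be inspected rather than lost.
def parse_all(text)
  parsed = []
  rejected = []
  text.each_line(chomp: true) do |line|
    rec = parse_line(line)
    if rec
      parsed << rec
    else
      rejected << line
    end
  end
  [parsed, rejected]
end

# One JSON object per matched line, the shape the question asks for.
def to_json_lines(text)
  parsed, _rejected = parse_all(text)
  parsed.map { |rec| JSON.generate(rec) }.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  puts to_json_lines(SAMPLE_LOGS)
end
```

In fluentd this expression goes into the `expression` parameter of a `<parse> @type regexp` block under the `tail` source, together with `time_format %b %d %H:%M:%S` so the captured `time` field can be parsed as the event timestamp; fluentd consumes that capture as the event time and drops it from the record unless `keep_time_key true` is set. The capture names become the record keys, so rename `message` to `msg` in the expression to get exactly the JSON shown in the question. Because `[^:]+` stops at the first colon, the `[pid]` suffix stays inside `daemon` and the many colons in the IPv6 addresses stay inside `message`, which is why the expression survives these lines where a naive split on `:` would not.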