我正在尝试从字符串中提取相同的数据(但是在不同的“块”中多次。用例是在Fluentd中解析来自Fastly的Syslog消息。
我有这个日志行:
2015-08-27T12:36:58Z cache-foo1234 Name[123456]: 4.151.22.16 "-" "-" POST /api/v1/foo/61ea23fb-53fb-4364-a892-349fdf5f6dca/event?release_type=store&version=2%2E0%2E1&os=ios&device_os_version=8%2E4&device_type=iphone 304 MISS BC942858-64FA-4101-BAE1-19272490697F iPhone 5S
和这个正则表达式(Ruby Regex):
^(?<time>[^ ]*) (?<fastly_server>[^ ]*) (?<log_name>[^ ]*) (?<host>[^ ]*) (?<na>[^ ]*) (?<na2>[^ ]*) (?<http_method>[^ ]*) (?<http_request>[^ ]*) (?<http_status>[^ ]*) (?<cache_status>[^ ]*) (?<uuid>[^ ]*) *(?<device_model>.*)$
这给了我:
time 2015-08-27T12:36:58Z fastly_server cache-foo1234 log_name姓名[123456]:host 4.151.22.16 http_method POST http_request / api / v1 / foo / 61ea23fb-53fb-4364-a892-349fdf5f6dca / event?release_type = store&amp; version = 2%2E0%2E1&amp; os = ios&amp; device_os_version = 8%2E4&amp; device_type = iphone http_status 304 cache_status MISS uuid BC942858-64FA-4101-BAE1-19272490697F device_model iPhone 5S 这是完美的,但我怎么能回去提取ie。 61ea23fb-53fb-4364-a892-349fdf5f6dca,event和具有相同正则表达式的相同字符串中device_os_version的值?
答案 0 :(得分:0)
这是更新的正则表达式:
^(?<time>[^ ]*) (?<fastly_server>[^ ]*) (?<log_name>[^ ]*) (?<host>[^ ]*) (?<na>[^ ]*) (?<na2>[^ ]*) (?<http_method>[^ ]*) (?<http_request>\/api\/v\d+\/foo\/(?<guid>[^\/]+)\/(?<event>[^\/?]+)[^ ]*device_os_version=(?<devosver>[^=&]+)[^ ]*) (?<http_status>[^ ]*) (?<cache_status>[^ ]*) (?<uuid>[^ ]*) *(?<device_model>.*)$
请参阅demo
我刚刚将您的(?<http_request>)部分替换为
(?<http_request>\/api\/v\d+\/foo\/(?<guid>[^\/]+)\/(?<event>[^\/?]+)[^ ]*device_os_version=(?<devosver>[^=&]+)[^ ]*)
^----------------^^-----GUID-------^^--event-------^ ^-------OS Version-------- -------^