I'm having some issue with white spaces in grok...
I have strings that look like this:
1491783364087 group-segmentation-service-master asdf-replica-sync-dev 5 55 55 0 consumer-1_ip-34-25-65.companya.com/10.34.25.65
I'm trying to parse them with grok with something like this:
%{NUMBER:poll_time} +%{WORD:consumer_group} +%{WORD:topic} +%{NUMBER:partition} +%{NUMBER:current_offset} +%{NUMBER:log_end_offset} +%{NUMBER:lag}
but I think I'm having issues accounting for the white spaces...
I've been trying to test various patterns in this: http://grokdebug.herokuapp.com/
but haven't had much luck...
答案 0 :(得分:0)
您可以使用grok令牌%{SPACE}来计算空格。此外,令牌%{WORD}不会与您的消费者群体和主题相匹配,因为相应的正则表达式为\w,转换为[A-Za-z0-9_](带有非核心的字母数字)。最接近它的是使用%{NOSPACE}。
这样的事情应该有效:
%{NUMBER:poll_time}%{SPACE}%{NOTSPACE:consumer_group}%{SPACE}%{NOTSPACE:topic}%{SPACE}%{NUMBER:partion}%{SPACE}%{NUMBER:current_offset}%{SPACE}%{NUMBER:log_end_offset}%{SPACE}%{NUMBER:lag}