我有一个简单的conf:
<source>
@type tail
@id in_tail_springboot_container_logs
#path /var/log/containers/*.log
path /var/log/logtest.txt
#path /var/log/containers/springbootrabbitmqlistener-*.log
pos_file /var/log/fluentd-springboot-containers.log.pos
@log_level debug
multiline_flush_interval 5s
format multiline
format1 (?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}) (?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)\s+\[(?<app>[^\,]+),(?<zipkintraceid>[^\,]*),(?<zipkinspanid>[^\,]*),(?<zipkinsent>[^\]]*)] (?<someid>[0-9]+) --- \[(?<thread>[^\]]+)] (?<classname>[^\ ]+)\s+\: (?<text>.*)
format_firstline ?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}
tag springboot.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>
我用输入行对其进行测试:
2018-11-09 08:49:36.111 INFO [SpringBootMicroservice,,,] 5820 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Bean with name 'environmentManager' has been autodetected for JMX exposure
我已经用https://regex101.com/对其进行了测试。
一切正常。
问题是流利的人不喜欢它:
2018-11-09 08:48:18 +0000 [warn]: #0 [in_tail_springboot_container_logs] pattern not match: "2018-11-09 08:49:36.111 INFO [SpringBootMicroservice,id1,id2,true] 5820 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Bean with name 'environmentManager' has been autodetected for JMX exposure"
你能告诉我我的conf有什么问题吗?
答案 0 :(得分:1)
问题似乎出在这一行:
format_firstline ?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}
问题在于,时间戳命名组的格式不正确-整个组都需要加上括号,如下所示:
↓ ↓
format_firstline (?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})
↑
为了做个好习惯,(如Regex资深手Wiktor所提到的那样),当您将.用作原义的点而不是通配符时,应避免使用它们。