我的 ceph 集群中有不同的存储桶名称,但我只能理解名称中没有任何特殊字符的存储桶名称。
所以这个我可以理解:
2021-07-06T13:57:38.036+0700 7feda336b700 1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /streaming/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -
使用此过滤器
%{TIMESTAMP_ISO8601:LogTimestamp}\] \"%{WORD:request_method} /%{WORD:bucketname}%{URIPATHPARAM:request} HTTP/1.1" %{NUMBER:httprespcode:int}
我可以得到我想要的方法、名称、代码、bucketname
但是如果存储桶名称类似于“some..thing”
2021-07-06T13:57:38.036+0700 7feda336b700 1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /some..thing/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -
或“某物”
2021-07-06T13:57:38.036+0700 7feda336b700 1 beast: 0x7fedfbac36b0: 10.1.1.1 - - [2021-07-06T13:57:38.036349+0700] "PUT /some-thing/asdasdasd/259/25945595/25945595_210706135800103522093.jpg HTTP/1.1" 200 70689 - "aws-sdk-java/1.11.354 Linux/3.10.0-1160.25.1.el7.x86_64 OpenJDK_64-Bit_Server_VM/25.292-b10 java/1.8.0_292 scala/2.12.8" -
我无法匹配。 有什么诀窍?
答案 0 :(得分:0)
%{TIMESTAMP_ISO8601:LogTimestamp}\] \"%{WORD:request_method} (?<interface>/{0,1}[a-zA-Z0-9]*)(?<interface_version>/{0,1}[a-zA-Z0-9]*)/(?<bucketname>(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.{1,})*([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))%{URIPATHPARAM:request} HTTP/1.1" %{NUMBER:httprespcode:int}