regex - Logstash optional fields in logfile

Question

Welcome To Ask or Share your Answers For Others

regex - Logstash optional fields in logfile

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

regex - Logstash optional fields in logfile

I'm trying to parse a logfile using grok

Each line of the logfile has fields separated by commas:

13,home,ABC,Get,,Private, Public,1.2.3 ecc...

I'm using match like this: match => [ "message", "%{NUMBER:requestId},%{WORD:ServerHost},%{WORD:Service},...

My question is: Can I allow optional field? At times some of the fileds might be empty ,,

Is there a pattern that matches a string like this 2.3.5 ? ( a kind of version number )

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T17:47:39+0000

At it's base, grok is based on regular expressions, so you can surround a pattern with ()? to make it optional -- for example (%{NUMBER:requestId})?,

If there isn't a grok pattern that suits your needs, you can always create a named extraction like this: (?<version>[d.]+) which would extract into version, a string that has any number of digits and dots in it.

Categories

regex - Logstash optional fields in logfile

regex - Logstash optional fields in logfile

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags