regexp
Last updated
Last updated
The regexp
parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (?<NAME>
PATTERN). If the regexp has a capture named time
, this is configurable via time_key
parameter, it is used as the time of the event. You can specify the time format using the time_format
parameter.
See Parse Section Configurations for common parameters.
expression
type | default | version |
---|---|---|
Specifies the regular expression for matching logs. Regular expression also supports i
and m
suffix.
i
(ignorecase)Ignores case in matching.
m
(multiline)Build regular expression as a multiline mode. .
matches the newline. See Ruby's Regexp.
both
Specifies both i
and m
.
expression
is the string type before 1.2.0.
ignorecase
Ignores case in matching. Use i
option with expression.
Deprecated since 1.2.0. Use expression /pattern/i
instead.
multiline
Builds regular expression in multiline mode. .
matches the newline. See Ruby's Regexp. Use m
option with expression.
Deprecated since 1.2.0. Use expression /pattern/m
instead.
With this configuration:
This incoming event:
is parsed as:
fluentd-ui's in_tail
editor helps your regexp testing. Another way, Fluentular is a great website to test your regexp for Fluentd configuration.
NOTE: You may hit Application Error at Fluentular due to heroku's free plan limitation. Retry a few hours later or use fluentd-ui
instead.
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
type | default | version |
---|---|---|
type | default | version |
---|---|---|
regexp
required parameter
1.2.0
bool
false
0.14.2
bool
false
0.14.2