regexp
The
regexp parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (?<NAME>PATTERN). If the regexp has a capture named time, this is configurable via time_key parameter, it is used as the time of the event. You can specify the time format using the time_format parameter.<parse>
@type regexp
expression /.../
</parse>
type | default | version |
|---|---|---|
regexp | required parameter | 1.2.0 |
Specifies the regular expression for matching logs. Regular expression also supports
i and m suffix.Ignores case in matching.
expression /.../i
expression /.../m
Specifies both
i and m.expression /.../im
expression is the string type before 1.2.0.type | default | version |
|---|---|---|
bool | false | 0.14.2 |
Ignores case in matching. Use
i option with expression.Deprecated since 1.2.0. Use
expression /pattern/i instead.type | default | version |
|---|---|---|
bool | false | 0.14.2 |
Builds regular expression in multiline mode.
. matches the newline. See Ruby's Regexp. Use m option with expression.Deprecated since 1.2.0. Use
expression /pattern/m instead.With this configuration:
<parse>
@type regexp
expression /^\[(?<logtime>[^\]]*)\] (?<name>[^ ]*) (?<title>[^ ]*) (?<id>\d*)$/
time_key logtime
time_format %Y-%m-%d %H:%M:%S %z
types id:integer
</parse>
This incoming event:
[2013-02-28 12:00:00 +0900] alice engineer 1
is parsed as:
time:
1362020400 (2013-02-28 12:00:00 +0900)
record:
{
"name" : "alice",
"title": "engineer",
"id" : 1
}
fluentd-ui's
in_tail editor helps your regexp testing. Another way, Fluentular is a great website to test your regexp for Fluentd configuration.NOTE: You may hit Application Error at Fluentular due to heroku's free plan limitation. Retry a few hours later or use
fluentd-ui instead.If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last modified 1yr ago