regexp
The regexp
parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (?<NAME>
PATTERN). If the regexp has a capture named time
, this is configurable via time_key
parameter, it is used as the time of the event. You can specify the time format using the time_format
parameter.
Parameters
See Parse Section Configurations for common parameters.
expression
expression
regexp
required parameter
1.2.0
Specifies the regular expression for matching logs. Regular expression also supports i
and m
suffix.
i
(ignorecase)
i
(ignorecase)Ignores case in matching.
m
(multiline)
m
(multiline)Build regular expression as a multiline mode. .
matches the newline. See Ruby's Regexp.
both
both
Specifies both i
and m
.
expression
is the string type before 1.2.0.
ignorecase
ignorecase
bool
false
0.14.2
Ignores case in matching. Use i
option with expression.
Deprecated since 1.2.0. Use expression /pattern/i
instead.
multiline
multiline
bool
false
0.14.2
Builds regular expression in multiline mode. .
matches the newline. See Ruby's Regexp. Use m
option with expression.
Deprecated since 1.2.0. Use expression /pattern/m
instead.
Example
With this configuration:
This incoming event:
is parsed as:
FAQ
How to debug my regexp pattern?
fluentd-ui's in_tail
editor helps your regexp testing. Another way, Fluentular is a great website to test your regexp for Fluentd configuration.
NOTE: You may hit Application Error at Fluentular due to heroku's free plan limitation. Retry a few hours later or use fluentd-ui
instead.
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last updated