regexp
The regexp parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (?<NAME>PATTERN). If the regexp has a capture named time, this is configurable via time_key parameter, it is used as the time of the event. You can specify the time format using the time_format parameter.
Parameters
See Parse Section Configurations for common parameters.
expression
expression| type | default | version |
|---|---|---|
regexp | required parameter | 1.2.0 |
Specifies the regular expression for matching logs. Regular expression also supports i and m suffix.
i (ignorecase)
i (ignorecase)Ignores case in matching.
m (multiline)
m (multiline)Build regular expression as a multiline mode. . matches the newline. See Ruby's Regexp.
both
bothSpecifies both i and m.
expression is the string type before 1.2.0.
ignorecase
ignorecase| type | default | version |
|---|---|---|
bool | false | 0.14.2 |
Ignores case in matching. Use i option with expression.
Deprecated since 1.2.0. Use expression /pattern/i instead.
multiline
multiline| type | default | version |
|---|---|---|
bool | false | 0.14.2 |
Builds regular expression in multiline mode. . matches the newline. See Ruby's Regexp. Use m option with expression.
Deprecated since 1.2.0. Use expression /pattern/m instead.
Example
With this configuration:
This incoming event:
is parsed as:
FAQ
How to debug my regexp pattern?
fluentd-ui's in_tail editor helps your regexp testing. Another way, Fluentular is a great website to test your regexp for Fluentd configuration.
NOTE: You may hit Application Error at Fluentular due to heroku's free plan limitation. Retry a few hours later or use fluentd-ui instead.
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last updated