regexp
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
The regexp parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (?<NAME>PATTERN). If the regexp has a capture named time, this is configurable via time_key parameter, it is used as the time of the event. You can specify the time format using the time_format parameter.
<parse>
@type regexp
expression /.../
</parse>See Parse Section Configurations for common parameters.
expressionregexp
required parameter
1.2.0
Specifies the regular expression for matching logs. Regular expression also supports i and m suffix.
i (ignorecase)Ignores case in matching.
expression /.../im (multiline)Build regular expression as a multiline mode. . matches the newline. See Ruby's Regexp.
expression /.../mbothSpecifies both i and m.
expression /.../imexpression is the string type before 1.2.0.
ignorecasebool
false
0.14.2
Ignores case in matching. Use i option with expression.
Deprecated since 1.2.0. Use expression /pattern/i instead.
multilinebool
false
0.14.2
Builds regular expression in multiline mode. . matches the newline. See Ruby's Regexp. Use m option with expression.
Deprecated since 1.2.0. Use expression /pattern/m instead.
With this configuration:
<parse>
@type regexp
expression /^\[(?<logtime>[^\]]*)\] (?<name>[^ ]*) (?<title>[^ ]*) (?<id>\d*)$/
time_key logtime
time_format %Y-%m-%d %H:%M:%S %z
types id:integer
</parse>This incoming event:
[2013-02-28 12:00:00 +0900] alice engineer 1is parsed as:
time:
1362020400 (2013-02-28 12:00:00 +0900)
record:
{
"name" : "alice",
"title": "engineer",
"id" : 1
}fluentd-ui's in_tail editor helps your regexp testing. Another way, Fluentular is a great website to test your regexp for Fluentd configuration.
NOTE: You may hit Application Error at Fluentular due to heroku's free plan limitation. Retry a few hours later or use fluentd-ui instead.
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.