logstash 中的贪婪匹配

2024-01-03 20:10:34

logstash  中的贪婪匹配:

10.252.142.174 - - [06/Sep/2016:08:41:36 +0800] "GET /api/validate/code/send?mobilePhone=18652221499&messageType=1&_=1454297673274 HTTP/1.1" 200 52 0.010 112.17.240.27

表达式:

%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\?.*%{IPORHOST:remote}

输出;

{

  "clientip": [

    [

      "10.252.142.174"

    ]

  ],

  "time": [

    [

      "06/Sep/2016:08:41:36 +0800"

    ]

  ],

  "verb": [

    [

      "GET"

    ]

  ],

  "api": [

    [

      "/api/validate/code/send"

    ]

  ],

  "remote": [

    [

      "27"

    ]

  ]

}

此时remote 输出27

/*****************

%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\?.*?%{IPORHOST:remote}

此时输出:

{

  "clientip": [

    [

      "10.252.142.174"

    ]

  ],

  "time": [

    [

      "06/Sep/2016:08:41:36 +0800"

    ]

  ],

  "verb": [

    [

      "GET"

    ]

  ],

  "api": [

    [

      "/api/validate/code/send"

    ]

  ],

  "remote": [

    [

      "112.17.240.27"

    ]

  ]

}

或者:

%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]\s+\"%{WORD:verb}\s+(?<api>(\S+))\?.*\s+%{IPORHOST:remote}
上一篇:omcat+java的web程序持续占cpu高问题调试【转】


下一篇:.net core 和 WPF 开发升讯威在线客服系统【私有化部署免费版】发布