Logstash自带正则表达式
USERNAME [a-zA-Z0-._-]+
USER %{USERNAME}
INT (?:[+-]?(?:[-]+))
BASE10NUM (?<![-.+-])(?>[+-]?(?:(?:[-]+(?:\.[-]+)?)|(?:\.[-]+)))
NUMBER (?:%{BASE10NUM})
BASE16NUM (?<![-9A-Fa-f])(?:[+-]?(?:0x)?(?:[-9A-Fa-f]+))
BASE16FLOAT \b(?<![-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[-9A-Fa-f]+(?:\.[-9A-Fa-f]*)?)|(?:\.[-9A-Fa-f]+)))\b POSINT \b(?:[-][-]*)\b
NONNEGINT \b(?:[-]+)\b
WORD \b\w+\b
NOTSPACE \S+
SPACE \s*
DATA .*?
GREEDYDATA .*
QUOTEDSTRING (?>(?<!\\)(?>”(?>\\.|[^\\"]+)+”|”"|(?>’(?>\\.|[^\\']+)+’)|”|(?>(?>\\.|[^\]+)+)|`))
UUID [A-Fa-f0-]{}-(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{} # Networking
MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})
CISCOMAC (?:(?:[A-Fa-f0-]{}\.){}[A-Fa-f0-]{})
WINDOWSMAC (?:(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{})
COMMONMAC (?:(?:[A-Fa-f0-]{}:){}[A-Fa-f0-]{})
IPV6 ((([-9A-Fa-f]{,}:){}([-9A-Fa-f]{,}|:))|(([-9A-Fa-f]{,}:){}(:[-9A-Fa-f]{,}|(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,})?:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(:(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:)))(%.+)?
IPV4 (?<![-])(?:(?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,}))(?![-])
IP (?:%{IPV6}|%{IPV4})
HOSTNAME \b(?:[-9A-Za-z][-9A-Za-z-]{,})(?:\.(?:[-9A-Za-z][-9A-Za-z-]{,}))*(\.?|\b)
HOST %{HOSTNAME}
IPORHOST (?:%{HOSTNAME}|%{IP})
HOSTPORT (?:%{IPORHOST=~/\./}:%{POSINT}) # paths
PATH (?:%{UNIXPATH}|%{WINPATH})
UNIXPATH (?>/(?>[\w_%!$@:.,-]+|\\.)*)+
TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[-]+))
WINPATH (?>[A-Za-z]+:|\\)(?:\
^\\?*]*)+
URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
URIHOST %{IPORHOST}(?::%{POSINT:port})?
# uripath comes loosely from RFC1738, but mostly from what Firefox
# doesn’t turn into %XX
URIPATH (?:/[A-Za-z0-$.+!*'(){},~:;=@#%_\-]*)+
#URIPARAM \?(?:[A-Za-z0-]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-]+(?:=(?:[^&]*))?)?)*)?
URIPARAM \?[A-Za-z0-$.+!*’|(){},~@#%&/=:;_?\-\[
]*
URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})? # Months: January, Feb, , , , December
MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b
MONTHNUM (?:?[-]|[-])
MONTHDAY (?:(?:[-])|(?:[][-])|(?:[])|[-]) # Days: Monday, Tue, Thu, etc…
DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?) # Years?
YEAR (?>\d\d){,}
HOUR (?:[]|[]?[-])
MINUTE (?:[-][-])
# ’′ is a leap second in most time standards and thus is valid.
SECOND (?:(?:[-][-]|)(?:[:.,][-]+)?)
TIME (?!<[-])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![-])
# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)
DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}
DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}
ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
ISO8601_SECOND (?:%{SECOND}|)
TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
DATE %{DATE_US}|%{DATE_EU}
DATESTAMP %{DATE}[- ]%{TIME}
TZ (?:[PMCE][SD]T|UTC)
DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR} # Syslog Dates: Month Day HH:MM:SS
SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
PROG (?:[\w._/%-]+)
SYSLOGPROG %{PROG:program}(?:
)?
SYSLOGHOST %{IPORHOST}
SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>
HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT} # Shortcuts
QS %{QUOTEDSTRING} # Log formats
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth}
“(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})” %{NUMBER:response} (?:%{NUMBER:bytes}|-)
COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent} # Log Levels
LOGLEVEL ([A-a]lert|ALERT|[T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)
Logstash自带正则表达式的更多相关文章
- iOS系统自带正则表达式简单运用
//组装一个字符串,把里面的网址解析出来 NSString *urlString = @"sfdshttp://www.baidu.com"; NSError *error; // ...
- JavaScript实现带正则表达式的表单校验(校验成功后跳转)
运行结果: 源代码: 1 <!DOCTYPE html> 2 <html lang="zh"> 3 <head> 4 <meta char ...
- Logstash使用grok过滤nginx日志(二)
在生产环境中,nginx日志格式往往使用的是自定义的格式,我们需要把logstash中的message结构化后再存储,方便kibana的搜索和统计,因此需要对message进行解析. 本文采用grok ...
- logstash 配置文件语法
需要一个配置文件 管理输入.过滤器和输出相关的配置.配置文件内容格式如下: # 输入 input { ... } # 过滤器 filter { ... } # 输出 output { ... } 先来 ...
- 论logstash的玩法(ELK)
本篇文章采用的采用的是logstash-7.7.0版本,主要从如下几个方面介绍 1.logstash是什么,可以用来干啥 2.logstash的基本原理是什么 3.怎么去玩这个elk的组件logsta ...
- 浅尝 Elastic Stack (二) Logstash
一.安装与启动 Logstash 依赖 Java 8 或者 Java 11,需要先安装 JDK 1.1 下载 curl -L -O https://artifacts.elastic.co/downl ...
- ELK技术栈之-Logstash详解
ELK技术栈之-Logstash详解 前言 在第九章节中,我们已经安装好Logstash组件了,并且启动实例测试它的数据输入和输出,但是用的是最简单的控制台标准输入和标准输出,那这节我们就来深入的 ...
- 快速掌握grep命令及正则表达式
Linux系统自带了支持拓展正则表达式的 GNU 版本 grep 工具,所有的Linux发行版中均默认安装grep ,grep 命令被用来检索一台服务器或工作站上任何位置的文本信息,如何在 Linux ...
- iOS之正则表达式的使用
一.什么是正则表达式 正则表达式,又称正规表示法,是对字符串操作的一种逻辑公式.正则表达式可以检测给定的字符串是否符合我们定义的逻辑,也可以从字符串中获取我们想要的特定部分.它可以迅速地用极简单的方式 ...
随机推荐
- mybatis启动报错Mapped Statements collection already contains value for com.autoyol.mapper.trans.TransDispatchingMapper解决
1.检查sqlsession配置,在applicationContext文件中.检查mybatis配置文件. 2.检查TransDispatchingMapper.java 是接口类,无注解. 3.T ...
- 使用Matplotlib画图系列(一)
实现一个最简单的plot函数调用: import matplotlib.pyplot as plt y=pp.DS.Transac_open # 设置y轴数据,以数组形式提供 x=len(y) # 设 ...
- Tree Recovery(前序中序求后序)
Tree Recovery Time Limit: 1000MS Memory Limit: 65536K Total Submissions: 14640 Accepted: 9091 De ...
- SpringMVC -- 梗概--源码--壹--跳转
1.配置web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version=&qu ...
- spring定时任务详解(@Scheduled注解)多线程讲解
(一)在xml里加入task的命名空间 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns ...
- iOS try catch
最近看一些第三方的代码有@try,一副看不懂的样子,真心没用过,于是查了些资料收集在这里,以后遇到就不会再蒙比了.其实这东西确实不怎么用,下文有解释.Objective-C 异常机制 :-- 作用 : ...
- python是c语言开发的
python是c语言开发的. #c语言,没有字符串:字符串使用字符组表现 hello —五个字符 字符数组 [’h’,’e’,…’o’] 所以python中如果对一个字符串进行修改,就是在内存 ...
- SpringBoot(二)-- 支持JSP
SpringBoot虽然支持JSP,但是官方不推荐使用.看网上说,毕竟JSP是淘汰的技术了,泪奔,刚接触 就淘汰.. SpringBoot集成JSP的方法: 1.配置application.prope ...
- Splash scroll_position 属性
scroll_position属性用于控制页面上下或左右滚动,如下,表示控制页面向下滚动 400 像素值并返回结果图, function main(splash, args) assert(splas ...
- Suggestion: add 'tools:replace="android:value"' to <meta-data> element at AndroidManifest.xml:25:5-27:41 to override.
记录下来少走些坑吧 一:不管用 tools:replace="android:icon,android:theme" xmlns:tools="http://schema ...