在和 codec/multiline 搭配使用的时候,需要注意一个问题,grok 正则和普通正则一样,默认是不支持匹配回车换行的。就像你需要 =~ //m 一样也需要单独指定,具体写法是在表达式开始位置加 (?m) 标记。

\s  空格,和 [\n\t\r\f] 语法一样 

(\s*\S+\s*).* 匹配0个或者多个前导字符

简单demo:

 SELECT t.*  FROM

 	    (

 			SELECT

 			t1.sn AS clientSn,

 			t1.userNick,

 			t1.mobilePhone,

 			t3.personName,

 			t2.availableBalance,

 			(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,

 			(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,

 			( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1')

 			  +

 			  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')

 			) AS investAmount,

 			( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2')

 			  +

 			  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')

 			) AS yieldAmount,

 			(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount

 			FROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999

 			WHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn

 	    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;

正则表达式;

\s*(?<query>(\s*\S+\s*).*)\s*

匹配结果:

{

  "query": [

    [

      "SELECT t.*  FROM"

    ]

  ]

}

////////////////////////////////////

正则表达式:

(?m)\s*(?<query>(\s*\S+\s*).*)\s*

匹配结果:

{

  "query": [

    [

      "SELECT t.*  FROM\n \t    (\n \t\t\tSELECT \n \t\t\tt1.sn AS clientSn,\n \t\t\tt1.userNick,\n \t\t\tt1.mobilePhone,\n \t\t\tt3.personName,\n \t\t\tt2.availableBalance,\n \t\t\t(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,\n \t\t\t(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,\n \t\t\t( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1') \n \t\t\t  + \n \t\t\t  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')  \n \t\t\t) AS investAmount,\n \t\t\t( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2') \n \t\t\t  + \n \t\t\t  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')  \n \t\t\t) AS yieldAmount,\n \t\t\t(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount\n \t\t\tFROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999\n \t\t\tWHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn\n \t    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;\n\n\n"

    ]

  ]

}

继续测试;

表达式;

\s*(?<query>(\S+\n*).*)\s*

输出:

{

  "query": [

    [

      "SELECT t.*  FROM"

    ]

  ]

}

正则:

(?m)\s*(?<query>(\S+\n*).*)\s*

Grok Debugger

    Debugger

    Discover

    Patterns

Add custom patterns Keep Empty Captures Named Captures Only Singles Autocomplete  

{

  "query": [

    [

      "SELECT t.*  FROM\n \t    (\n \t\t\tSELECT \n \t\t\tt1.sn AS clientSn,\n \t\t\tt1.userNick,\n \t\t\tt1.mobilePhone,\n \t\t\tt3.personName,\n \t\t\tt2.availableBalance,\n \t\t\t(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,\n \t\t\t(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,\n \t\t\t( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1') \n \t\t\t  + \n \t\t\t  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')  \n \t\t\t) AS investAmount,\n \t\t\t( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2') \n \t\t\t  + \n \t\t\t  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')  \n \t\t\t) AS yieldAmount,\n \t\t\t(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount\n \t\t\tFROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999\n \t\t\tWHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn\n \t    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;\n\n\n"

    ]

  ]

}

“I grok in fullness.” Robert A. Heinlein, Stranger in a Strange Land

logstash (?m) 经典例子的更多相关文章

  1. python之路第五篇之递归(进阶篇:续:经典例子剖析)

    递归 在函数内部,可以调用其他函数; 如果一个函数在内部调用自身本身,这个函数就是递归函数. 例如,我们来计算阶乘: n! = 1 x 2 x 3 x ... x n, 用函数f1(n)表示,可以看出 ...

  2. jQuery监听事件经典例子

    关键字:jQuery监听事件经典例子  js代码:  ============================================================  $(function( ...

  3. linux Posix 信号量 三 (经典例子)

    本文将阐述一下信号量的作用及经典例子,当中包括“<越狱>寄信”,“家庭吃水果”,“五子棋”,“接力赛跑”,“读者写者”,“四方恋爱”等 首先,讲 semWait操作(P操作)和semSig ...

  4. sql优化经典例子

    场景 我用的数据库是mysql5.6,下面简单的介绍下场景 课程表 create table Course( c_id int PRIMARY KEY, name varchar(10) ) 数据10 ...

  5. 转:一个经典例子让你彻彻底底理解java回调机制

    一个经典例子让你彻彻底底理解java回调机制 转帖请注明本文出自xiaanming的博客(http://blog.csdn.net/xiaanming/article/details/17483273 ...

  6. Logstash学习1-logstash的简单例子

    如何安装ELK Redis插件 1. 安装好logstash后.2. 最简单的logstash.logstash -e 'input { stdin { } } output { stdout {} ...

  7. 一个经典例子让你彻彻底底理解java回调机制

    转帖请注明本文出自xiaanming的博客(http://blog.csdn.net/xiaanming/article/details/17483273),请尊重他人的辛勤劳动成果,谢谢 所谓回调: ...

  8. 回调--一个经典例子让你彻彻底底理解java回调机制

    本文出自xiaanming的博客(http://blog.csdn.net/xiaanming/article/details/17483273),请尊重他人的辛勤劳动成果,谢谢 以前不理解什么叫回调 ...

  9. 【C语言学习笔记】空间换时间,查表法的经典例子!知识就是这么学到的~

    我们怎么衡量一个函数/代码块/算法的优劣呢?这需要从多个角度看待.本篇笔记我们先不考虑代码可读性.规范性.可移植性那些角度. 在我们嵌入式中,我们需要根据实际资源的情况来设计我们的代码.比如当我们能用 ...

随机推荐

  1. Android 更新UI的两个方法

    Android 更新UI的两个方法 在Android的开发过程中,常常需要适时的更新UI.Androd中的UI是在主线程中更新的.如果在主线程之外的线程中直接更新,就会出现报错并抛出异常: andro ...

  2. Linux下生产者与消费者的线程实现

    代码见<现代操作系统> 第3版. 为了显示效果,添加了printf()函数来显示运行效果 #include<stdio.h> #include<pthread.h> ...

  3. 从实践谈iOS生命周期

    从实践谈iOS生命周期 个人感觉生命周期无论在Android,还是iOS都是很重要的概念,因为在每个声明周期的状态下我们可以做很多预加载或者处理的操作.因此在这里主要总结下ViewController ...

  4. linux 调试

    strace gdb tcpdump valgrind perf

  5. HDU3853

    题意:给R*C的迷宫,起点为1,1 终点为R,C 且给定方格所走方向的概率,分别为原地,下边,右边,求到终点的期望. 思路:既然是求到终点的期望,那么DP代表期望,所以DP[i][j]=原地的概率*D ...

  6. MySql Connector/Net Mysql like 搜索中文的问题(c#和asp.net连接mysql)

    Connector/Net 6.9.8 选择.net/mono即可,不需要安装. 将对应版本的MySql.Data.dll复制到bin目录下即可使用 http://dev.mysql.com/down ...

  7. 条件注释判断浏览器版本<!--[if lt IE 9]>(转载)

    <!--[if !IE]><!--> 除IE外都可识别 <!--<![endif]--> <!--[if IE]> 所有的IE可识别 <![ ...

  8. linux术语解析(持续更新)

    1.linux内核有个版本,分别是 longterm: 提供长期支持的内核版本 stable: 稳定版本 Beta 测试版

  9. hello,boke

    我一名学习软件工程金融服务工程的学生,简单来说就是学习计算机类的,对于自己的介绍,从平时生活中来说吧,我一直处于一种很中规中矩的生活状态里,平时玩玩手机.追追剧.和室友一起去图书馆自习,考前拼命复习两 ...

  10. 简单的js反选,全选,全不选

    <html> <head> <base href="<%=basePath%>"> <title>My JSP 'che ...