以下是内容:
Timestamp: 24-03-2016 19:59:11
Title:GetData()
Message: Received request to get data
Machine: LTPN
----------------------------------------
Timestamp: 24-03-2016 20:15:34
Title:GetData()
Message: ERROR [08001] [Microsoft][ODBC SQL Server Driver][DBNETLIB]SQL Server does not exist or access denied.
ERROR [01000] [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (Connect()).
ERROR [01S00] [Microsoft][ODBC SQL Server Driver]Invalid connection string attribute
Machine: LTPN
----------------------------------------
我需要捕获冒号(:)之后的单词,它们是" GetData()","收到获取数据的请求"," LTPN"我希望有人能帮助我。
通过使用以下正则表达式,我获得了我不想要的全行数据。
^\s*Title:.+ gives "Title:GetData()"
^\s*Message:.+ gives "Message: Received request to get data"
^\s*Machine:.\S+ gives "Machine: LTPN"
但我想要关注输出:
GetData()
Received request to get data
LTPN
答案 0 :(得分:0)
尝试使用后面看...
(?<=Title:).*
或者看起来你想要每个冒号之后的值 - &gt;
(?<=^.*:).*
答案 1 :(得分:0)
请使用括号捕捉您想要的部分,例如^\s*Message:(.+)它将返回Received request to get data
或
/^\s*\w+:(.+)/gm
将更加通用,并且可以一次完成多行。
答案 2 :(得分:0)
我想你需要:
Title:(.*?)\sMessage:\s?(.*?)\sMachine:\s?(.*?)$
正则表达式说明:
Title: matches the characters Title: literally (case insensitive)
1st Capturing group (.*?)
.*? matches any character (except newline)
Quantifier: *? Between zero and unlimited times, as few times as possible, expanding as needed [lazy]
\s match any white space character [\r\n\t\f ]
Message: matches the characters Message: literally (case insensitive)
\s? match any white space character [\r\n\t\f ]
Quantifier: ? Between zero and one time, as many times as possible, giving back as needed [greedy]
2nd Capturing group (.*?)
.*? matches any character (except newline)
Quantifier: *? Between zero and unlimited times, as few times as possible, expanding as needed [lazy]
\s match any white space character [\r\n\t\f ]
Machine: matches the characters Machine: literally (case insensitive)
\s? match any white space character [\r\n\t\f ]
Quantifier: ? Between zero and one time, as many times as possible, giving back as needed [greedy]
3rd Capturing group (.*?)
.*? matches any character (except newline)
Quantifier: *? Between zero and unlimited times, as few times as possible, expanding as needed [lazy]
$ assert position at end of a line
g modifier: global. All matches (don't return on first match)
m modifier: multi-line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)
i modifier: insensitive. Case insensitive match (ignores case of [a-zA-Z])
答案 3 :(得分:0)
好的,我查看了Logstash文档,发现grok过滤器使用了oniguruma regex。我还在文档中看了一下,我想你可能会为自己做更多工作。试试这个:
php $OPENSHIFT_DATA_DIR/composer.phar update我将完全承认我从未使用过Logstash或grok过滤器,这纯粹来自我在文档中看到的内容。但是看起来匹配语句中冒号后面的值是在值之前的标题,并且看起来某些值已经构建在标题,消息和机器等标题中。
希望它适合你。