问题
I am attempting to write a grok expression that will result in multiple matches. I'm parsing a line that has 5 repetitions of the same pattern.
I've been able to make a simple pattern with a regex that will return multiple matches but it seems that Grok doesn't work that way. I don't really understand Ruby so I haven't really inspected the code.
Example input:
222444555
Pattern:
(?<number>\d{3})*
I would have expected output like this:
"number" : [
[
"222", "444", "555"
]
]
or something like that. Is this possible in Grok? I know I could just repeat the pattern three times, but on some lines there are an unknown number of repetitions.
Any pointers?
回答1:
I took a different approach. I used grok to extract the part of the line that was repeating. Then I used a ruby {} filter to chop the line up into parts using the scan function:
ruby {
code => "event.put('segment', event.get('segments').scan(/.{3}/))
}
That worked really well as it created an array in the segment property, then followed by split {} on that field I got the multiple events that I wanted.
来源:https://stackoverflow.com/questions/41385831/logstash-grok-pattern-with-multiple-matches