
Fluentd source log format regex


Good day! I have logs of this format:

[14-10-2016 00:00:04,004  INFO WebService:1603] [172.16.1.10] [0000077000013] [ID=N0000077000013] [N=147639237688] REQUEST getStatus

I came up with this regex:

 /(?<time>\d{1,2}-\d{1,2}-\d{4} \d{1,2}:\d{1,2}:\d{1,2},\d{3}) (?<message1>[=]+) .(?<ID>ID=\w*) .(?<N>N=\w*) (?<messages>.*)/

I want to identify the date, the part from INFO till ID=, the ID, N, and the last part, but Fluentd returns "pattern not match". Each part of the regex works separately on the Fluentular regex testing site.

What would the regex be? Thank you.


Solution

  • You may use

    (?<time>\d{1,2}-\d{1,2}-\d{4} +\d{1,2}:\d{1,2}:\d{1,2},\d{3}) +(?<message1>[A-Z]+) .*\[ID=(?<ID>\w+)] +\[N=(?<N>\w+)] (?<messages>.*)
    

    See the regex demo

    Note that I added + after the spaces to match 1 or more occurrences, and adjusted group boundaries for ID and N groups.

    Also, your message1 group pattern [=]+ matches 1+ = symbols, while you have INFO string there. I changed it to [A-Z]+ to match 1 or more uppercase ASCII letters.

    And finally, since there is text between group message1 and ID, you need to make sure to consume those characters, thus, I used .* (any 0+ chars other than linebreak symbols).
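
Added example (not part of the original question or answer): Fluentd evaluates these patterns with Ruby's regex engine, so both can be checked in plain Ruby against the sample line. The `parse_line` helper and the `TIME_FORMAT` string are assumptions made for this illustration.

```ruby
require 'time'

# Sample line copied from the question.
SAMPLE = '[14-10-2016 00:00:04,004  INFO WebService:1603] [172.16.1.10] ' \
         '[0000077000013] [ID=N0000077000013] [N=147639237688] REQUEST getStatus'

# Pattern from the question: expects one space after the time and "=" characters
# where the line has "INFO", so it never matches.
QUESTION_RE = /(?<time>\d{1,2}-\d{1,2}-\d{4} \d{1,2}:\d{1,2}:\d{1,2},\d{3}) (?<message1>[=]+) .(?<ID>ID=\w*) .(?<N>N=\w*) (?<messages>.*)/

# Pattern from the answer. The closing brackets are written as \] here, which
# matches the same text as the bare ] and avoids a Ruby warning.
ANSWER_RE = /(?<time>\d{1,2}-\d{1,2}-\d{4} +\d{1,2}:\d{1,2}:\d{1,2},\d{3}) +(?<message1>[A-Z]+) .*\[ID=(?<ID>\w+)\] +\[N=(?<N>\w+)\] (?<messages>.*)/

# Assumed strptime format for the captured time field (%L = milliseconds).
TIME_FORMAT = '%d-%m-%Y %H:%M:%S,%L'

# Hypothetical helper: returns a hash of named captures with "time" converted
# to a Time object, or nil when the line does not match (Fluentd's
# "pattern not match" case).
def parse_line(line, pattern = ANSWER_RE)
  m = pattern.match(line)
  return nil unless m

  record = m.named_captures
  record['time'] = Time.strptime(record['time'], TIME_FORMAT)
  record
end

if __FILE__ == $PROGRAM_NAME
  puts "question pattern: #{parse_line(SAMPLE, QUESTION_RE).inspect}"
  puts "answer pattern:   #{parse_line(SAMPLE).inspect}"
end
```

Note that the IP address and the `WebService:1603` part are consumed by `.*` and do not appear in the resulting record.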