regexrubyfluentd
Multi-Line Log File Parsing with Ruby Regex in FluentD
I've got a log that has lines like this:
6/10/2022 10:06:16.908 | INFO | CLASS | BlankStart,15,1,2
But sometimes, the log msg is a long json blob over multiple lines.
Example bag log line:
6/10/2022 10:06:16.908 | INFO | CLASS | Obj: { "test": false,
"reso": true }
Full example w/ 3 matches:
6/10/2022 10:06:16.908 | INFO | CLASS | BlankStart,15,1,2
6/10/2022 10:06:16.908 | INFO | CLASS | Obj: { "test": false,
"reso": true }
6/10/2022 10:06:16.908 | INFO | CLASS | BlankStart,15,1,2
Here is my Regex as it stands, which I added 'strict' date checking for new lines to, for now, just get the end of the msg and ignore the multi lines.
(?<time>^\d{1,2}\/\d{1,2}\/\d{4}\s\d{2}:\d{2}:\d{2}.\d+)...(?<type>.[^| ]*)...(?<class>.[^| ]*)..(?<msg>.*)
In the fluent docs they talk about using \m, but I can't understand how to use this in the Regex correctly.
https://docs.fluentd.org/parser/regexp#multiline
Solution
Switching from regex to multiline in the parse section made things much better. I was able to define the "start of a log format" and it understood to continue the last log for each line until a match was received for a new "start of a log".
<parse>
@type multiline
format_firstline /\d{1,2}\/\d{1,2}\/\d{4}\s\d{2}:\d{2}:\d{2}.\d+/
format1 /^(?<time>\d{1,2}\/\d{1,2}\/\d{4}\s\d{2}:\d{2}:\d{2}.\d+)...(?<type>.[^| ]*)...(?<class>.[^| ]*)..(?<msg>.*)/
</parse>
- Validate user input string only contains letters, numbers, and underscores
- How escape characters in a variable to be used in a regex pattern?
- How to make preg_match() match more than once?
- Use grep to match a pattern in a line only once
- Validate that a string contains only space-delimited alphanumeric words which do not start with a digit
- Match parenthetical expressions in a string
- Regex matching "|" separated values for Union types
- Regex for whitespace delimiter except for [ and ] characters
- Matching a fixed position in a string using C++ regex
- Get video id from the url path of an <iframe>'s src value
- What is proper RegEx expression for SWIFT codes?
- Java regular expression for multiple matchers
- Get the number from inside of online javascript function call within an HTML element
- How to Bookmark Normal and Decimal Percentage Numbers in Notepad++?
- How to convert oracle regex pattern into Databricks compatible version?
- avoiding interference between slugs and controller or plugin names in cakephp 2.x router
- How to parse and capture any measurement unit
- Validate a potentially multibyte string to have a minimum length and contain only whitelisted characters
- Validate if a string is alphanumeric
- Get all integers which follow certain symbols in a string with multiple delimiters
- How to regex compare a string in dash?
- How to match regexp with ash?
- Extract float/double value
- How to write a Regex that targets the first match in each line only?
- Regex any ASCII character
- How to match {0} but allowing proper escape?
- Php put a space in front of capitals in a string (Regex)
- Get the leading float value from a string
- Find everything between two XML tags with RegEx
- Extract mileage value from an eBay webpages