Logstash Built-in Regular Expressions (grok patterns)
USERNAME [a-zA-Z0-9._-]+
USER %{USERNAME}
INT (?:[+-]?(?:[0-9]+))
BASE10NUM (?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)|(?:\.[0-9]+)))
NUMBER (?:%{BASE10NUM})
BASE16NUM (?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))
BASE16FLOAT \b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]*)?)|(?:\.[0-9A-Fa-f]+)))\b
POSINT \b(?:[1-9][0-9]*)\b
NONNEGINT \b(?:[0-9]+)\b
WORD \b\w+\b
NOTSPACE \S+
SPACE \s*
DATA .*?
GREEDYDATA .*
QUOTEDSTRING (?>(?<!\\)(?>"(?>\\.|[^\\"]+)+"|""|(?>'(?>\\.|[^\\']+)+')|''|(?>`(?>\\.|[^\\`]+)+`)|``))
UUID [A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}
# Networking
MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})
CISCOMAC (?:(?:[A-Fa-f0-9]{4}\.){2}[A-Fa-f0-9]{4})
WINDOWSMAC (?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})
COMMONMAC (?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})
IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
IPV4 (?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])
IP (?:%{IPV6}|%{IPV4})
HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
HOST %{HOSTNAME}
IPORHOST (?:%{HOSTNAME}|%{IP})
HOSTPORT (?:%{IPORHOST=~/\./}:%{POSINT})
# paths
PATH (?:%{UNIXPATH}|%{WINPATH})
UNIXPATH (?>/(?>[\w_%!$@:.,-]+|\\.)*)+
TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
URIHOST %{IPORHOST}(?::%{POSINT:port})?
# uripath comes loosely from RFC1738, but mostly from what Firefox
# doesn’t turn into %XX
URIPATH (?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\-]*)+
#URIPARAM \?(?:[A-Za-z0-9]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-9]+(?:=(?:[^&]*))?)?)*)?
URIPARAM \?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?
# Months: January, Feb, 3, 03, 12, December
MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b
MONTHNUM (?:0?[1-9]|1[0-2])
MONTHDAY (?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])
# Days: Monday, Tue, Thu, etc...
DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)
# Years?
YEAR (?>\d\d){1,2}
HOUR (?:2[0123]|[01]?[0-9])
MINUTE (?:[0-5][0-9])
# '60' is a leap second in most time standards and thus is valid.
SECOND (?:(?:[0-5][0-9]|60)(?:[:.,][0-9]+)?)
TIME (?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])
# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)
DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}
DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}
ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
ISO8601_SECOND (?:%{SECOND}|60)
TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
DATE %{DATE_US}|%{DATE_EU}
DATESTAMP %{DATE}[- ]%{TIME}
TZ (?:[PMCE][SD]T|UTC)
DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}
# Syslog Dates: Month Day HH:MM:SS
SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
PROG (?:[\w._/%-]+)
SYSLOGPROG %{PROG:program}(?:\[%{POSINT:pid}\])?
SYSLOGHOST %{IPORHOST}
SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>
HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}
# Shortcuts
QS %{QUOTEDSTRING}
# Log formats
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)
COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
# Log Levels
LOGLEVEL ([A-a]lert|ALERT|[T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)