1

Good day! I have logs of this format:

[14-10-2016 00:00:04,004  INFO WebService:1603] [172.16.1.10] [0000077000013] [ID=N0000077000013] [N=147639237688] REQUEST getStatus

I came up to this regex:

 /(?<time>\d{1,2}-\d{1,2}-\d{4} \d{1,2}:\d{1,2}:\d{1,2},\d{3}) (?<message1>[=]+) .(?<ID>ID=\w*) .(?<N>N=\w*) (?<messages>.*)/

I want to identify date, part from INFO till ID=, ID, N, and last part, but fluentd returns me "pattern not match". Each part of regex is working separately on fluentular regex testing site.

What would be a regex? Thank you.

Improve this question
2
  • Try (?<time>\d{1,2}-\d{1,2}-\d{4} +\d{1,2}:\d{1,2}:\d{1,2},\d{3}) +(?<message1>[A-Z]+) .*\[ID=(?<ID>\w+)] +\[N=(?<N>\w+)] (?<messages>.*) Commented Oct 18, 2016 at 10:16
  • Thank you Wiktor, it's working. Commented Oct 19, 2016 at 8:03

1 Answer 1

Reset to default
1

You may use

(?<time>\d{1,2}-\d{1,2}-\d{4} +\d{1,2}:\d{1,2}:\d{1,2},\d{3}) +(?<message1>[A-Z]+) .*\[ID=(?<ID>\w+)] +\[N=(?<N>\w+)] (?<messages>.*)

See the regex demo

Note that I added + after the spaces to match 1 or more occurrences, and adjusted group boundaries for ID and N groups.

Also, your message1 group pattern [=]+ matches 1+ = symbols, while you have INFO string there. I changed it to [A-Z]+ to match 1 or more uppercase ASCII letters.

And finally, since there is text between group message1 and ID, you need to make sure to consume those characters, thus, I used .* (any 0+ chars other than linebreak symbols).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.