Grok解析不报错, 但是有些字段拿不到值 #28

childe · 2016-12-06T08:39:01Z

^%{SYSLOGTIMESTAMP:logtime} %{IP:device_ip} %{DATE}:%{TIME} %{WORD} %{WORD:device_ci} %{DATA:message}$

如果中间有 %{DATE} 或者其它一些预定义Pattern, 后面的字段取不到值.

childe · 2016-12-06T08:40:17Z

暂时的解决方案是
改成 (?:%{DATE}:%{TIME})

githubnovee · 2017-10-10T09:51:12Z

abc|xxx|20171010|tt|5.82.001
abc|xxx|20171010|tt|5.82.002|dd

有多行不统一字段，这种5.82.001，5.82.002怎么用grok匹配，好像这样匹配version为空
'^%{DATA:t1}|%{DATA:t2}|%{DATA:t3}|%{DATA:t4}|%{DATA:version}'

childe · 2017-10-12T03:37:59Z

^%{DATA:t1}\|%{DATA:t2}\|%{DATA:t3}\|%{DATA:t4}\|%{DATA:version}(\||$)

这个是纯正则问题, 建议新开issue

childe self-assigned this Dec 6, 2016

childe added the bug label Dec 6, 2016

childe closed this as completed Oct 12, 2017

childe reopened this Oct 12, 2017

childe closed this as completed Dec 15, 2018

Provide feedback