时间戳

首页 > 解决方案 > HTTP URL 的 GROK 模式

elasticsearch - HTTP URL 的 GROK 模式

问题描述

试图解析下面的字符串

http://localhost:8080/client/session/login abc.xyz@yahoo.com backendorg具有以下 GROK 模式

%{URIPATHPARAM:url}%{SPACE}%{EMAILADDRESS:email}%{SPACE}%{USERNAME:org}没有得到完整的网址。

{
  "org": "backendorg",
  "url": "//localhost:8080/client/session/login",
  "email": "abc.xyz@zinier.com"
}```
  Anyone could suggest how to get complete URL.

标签: elasticsearchlogstashlogstash-grok

解决方案

GROK 模式:

%{URI:url}%{SPACE}(?<email>[a-zA-Z0-9_.+=:-]+@[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.(?:[0-9A-Za-z][0-‌​9A-Za-z-]{0,62}))*)%{SPACE}%{USERNAME:org}

输出:

{
  "url": [
    [
      "http://localhost:8080/client/session/login"
    ]
  ],
  "URIPROTO": [
    [
      "http"
    ]
  ],
  "USER": [
    [
      null
    ]
  ],
  "USERNAME": [
    [
      null
    ]
  ],
  "URIHOST": [
    [
      "localhost:8080"
    ]
  ],
  "IPORHOST": [
    [
      "localhost"
    ]
  ],
  "HOSTNAME": [
    [
      "localhost"
    ]
  ],
  "IP": [
    [
      null
    ]
  ],
  "IPV6": [
    [
      null
    ]
  ],
  "IPV4": [
    [
      null
    ]
  ],
  "port": [
    [
      "8080"
    ]
  ],
  "URIPATHPARAM": [
    [
      "/client/session/login"
    ]
  ],
  "URIPATH": [
    [
      "/client/session/login"
    ]
  ],
  "URIPARAM": [
    [
      null
    ]
  ],
  "SPACE": [
    [
      " ",
      " "
    ]
  ],
  "email": [
    [
      "abc.xyz@yahoo.com"
    ]
  ],
  "org": [
    [
      "backendorg"
    ]
  ]
}

推荐阅读