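Filebeat's regular expression support is based on RE2. This article is translated from Elastic.
Filebeat has several configuration options that accept regular expressions. For example, multiline.pattern, include_lines, exclude_lines, and exclude_files all accept regular expressions.
Note: it is recommended to wrap regular expressions in single quotes, for example '^\[?[0-9][0-9]:?[0-9][0-9]|^[[:graph:]]+'.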
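Example | Description |
---|---|
Single characters | |
x | single character |
. | any character |
[xyz] | character class |
[^xyz] | negated character class |
[[:alpha:]] | ASCII character class |
[[:^alpha:]] | negated ASCII character class |
\d | Perl character class |
\D | negated Perl character class |
\pN | Unicode character class (one-letter name) |
\p{Greek} | Unicode character class |
\PN | negated Unicode character class (one-letter name) |
\P{Greek} | negated Unicode character class |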
Composites | |
xy | x followed by y |
x|y | x or y |
Repetitions | |
x* | zero or more x, prefer more |
x+ | one or more x |
x? | zero or one x |
x{n,m} | n or n+1 or … or m x, prefer more |
x{n,} | n or more x, prefer more |
x{n} | exactly n x |
x*? | zero or more x, prefer fewer |
x+? | one or more x, prefer fewer |
x?? | zero or one x, prefer zero |
x{n,m}? | n or n+1 or … or m x, prefer fewer |
x{n,}? | n or more x, prefer fewer |
x{n}? | exactly n x |
Grouping | |
(re) | numbered capturing group (submatch) |
(?P<name>re) | named & numbered capturing group (submatch) |
(?:re) | non-capturing group |
(?i)abc | set flags within current group, non-capturing |
(?i:re) | set flags during re, non-capturing |
(?i)PaTTeRN | case-insensitive (default false) |
(?m)multiline | multi-line mode: ^ and $ match begin/end line in addition to begin/end text (default false) |
(?s)pattern. | let . match \n (default false) |
(?U)x*abc | ungreedy: swap meaning of x* and x*?, x+ and x+?, etc (default false) |
Empty strings | |
^ | at beginning of text or line (m=true) |
$ | at end of text (like \z not \Z) or line (m=true) |
\A | at beginning of text |
\b | at ASCII word boundary (\w on one side and \W, \A, or \z on the other) |
\B | not at ASCII word boundary |
\z | at end of text |
Escape sequences | |
\a | bell (same as \007) |
\f | form feed (same as \014) |
\t | horizontal tab (same as \011) |
\n | newline (same as \012) |
\r | carriage return (same as \015) |
\v | vertical tab character (same as \013) |
\* | literal *, for any punctuation character * |
\123 | octal character code (up to three digits) |
\x7F | two-digit hex character code |
\x{10FFFF} | hex character code |
\Q...\E | literal text ... even if ... has punctuation |
ASCII character classes | |
[[:alnum:]] | alphanumeric (same as [0-9A-Za-z]) |
[[:alpha:]] | alphabetic (same as [A-Za-z]) |
[[:ascii:]] | ASCII (same as [\x00-\x7F]) |
[[:blank:]] | blank (same as [\t ]) |
[[:cntrl:]] | control (same as [\x00-\x1F\x7F]) |
[[:digit:]] | digits (same as [0-9]) |
[[:graph:]] | graphical (same as [!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\]^_`{|}~]) |
[[:lower:]] | lower case (same as [a-z]) |
[[:print:]] | printable (same as [ -~] == [ [:graph:]]) |
[[:punct:]] | punctuation (same as [!-/:-@[-`{-~]) |
[[:space:]] | whitespace (same as [\t\n\v\f\r ]) |
[[:upper:]] | upper case (same as [A-Z]) |
[[:word:]] | word characters (same as [0-9A-Za-z_]) |
[[:xdigit:]] | hex digit (same as [0-9A-Fa-f]) |
Supported Perl character classes | |
\d | digits (same as [0-9]) |
\D | not digits (same as [^0-9]) |
\s | whitespace (same as [\t\n\f\r ]) |
\S | not whitespace (same as [^\t\n\f\r ]) |
\w | word characters (same as [0-9A-Za-z_]) |
\W | not word characters (same as [^0-9A-Za-z_]) |
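
The following is an added example, not part of the original article or of Filebeat's code. It runs the pattern from the note and several constructs from the table through Go's regexp package, which accepts RE2 syntax. The include, exclude and userRe patterns, the helper names and the sample lines are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// The pattern from the note above, written as a Go raw string (like a
// single-quoted YAML scalar, backslashes stay literal).
var eventStart = regexp.MustCompile(`^\[?[0-9][0-9]:?[0-9][0-9]|^[[:graph:]]+`)

// Hypothetical include/exclude patterns built from constructs in the table:
// the (?i) flag, \b, a non-capturing group, a POSIX class and a named group.
var (
	include = regexp.MustCompile(`(?i)\b(?:failed|denied)\b`)
	exclude = regexp.MustCompile(`^[[:space:]]*DEBUG`)
	userRe  = regexp.MustCompile(`user=(?P<user>\w+)`)
)

// Keep reports whether a line matches the include pattern and not the exclude pattern.
func Keep(line string) bool {
	return include.MatchString(line) && !exclude.MatchString(line)
}

// User returns the named submatch "user", or "" when the line has none.
func User(line string) string {
	m := userRe.FindStringSubmatch(line)
	if m == nil {
		return ""
	}
	return m[userRe.SubexpIndex("user")]
}

// StartsEvent reports whether a line matches the note's pattern.
func StartsEvent(line string) bool { return eventStart.MatchString(line) }

func main() {
	// Constructed sample lines, not taken from a real system.
	lines := []string{
		"[12:30] login FAILED user=alice",
		"  DEBUG access denied user=bob",
		"12:31 session opened user=carol",
		"\tat auth.check(auth.go:42)",
	}
	for _, l := range lines {
		fmt.Printf("start=%-5v keep=%-5v user=%q  %q\n", StartsEvent(l), Keep(l), User(l), l)
	}
}
```

Lines that begin with whitespace do not match the note's pattern, because [[:graph:]] covers only visible characters.
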
Notes from practical use, to be continued...