nginx log format:
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$upstream_http_x_sticky_vk" "$cookie_UID" "$upstream_cookie_UID" '
'$request_time $upstream_response_time '
'"$traffic_quality"';
grok pattern:
%{IP:ip} - - \[%{HTTPDATE:time}\] \"%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}\" %{NUMBER:http_status_code} %{NUMBER:size} \"(?<http_referer>\S+)\" %{QS:http_user_agent} \"(?<upstream_http_x_sticky_vk>\S+)\" \"(?<cookie_UID>\S+)\" \"(?<upstream_cookie_UID>\S+)\" %{NUMBER:request_time} %{NUMBER:upstream_response_time} \"(?<traffic_quality>\S+)\"
/abc/def/123/456: parse out the numbers between the slashes separately
Parse: 123
Regex: (?<=\/abc\/def\/)\d*
Parse: 456
Regex: (?<=/openrtb/mrm/\d{2}/)\d*
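Added example, not part of the original notes: a Python `re` translation of the grok pattern above, with simplified stand-ins for the grok primitives, run over constructed log lines. It applies the two look-behind expressions and shows two cases where the pattern as written drops an event: nginx logs `-` for `$upstream_response_time` when no upstream was contacted, and the hard-coded `- -` fails on any line with a non-empty `$remote_user`.

```python
import re

# Simplified stand-in for grok NUMBER (assumption: the real grok definitions
# of IP, HTTPDATE, URIPATHPARAM and QS are stricter than the classes below).
NUM = r"-?\d+(?:\.\d+)?"
LINE_RE = re.compile(
    r'(?P<ip>\S+) - - \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\w+) (?P<request>\S+) HTTP/(?P<http_version>' + NUM + r')" '
    r'(?P<http_status_code>\d+) (?P<size>\d+) '
    r'"(?P<http_referer>\S+)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<upstream_http_x_sticky_vk>\S+)" "(?P<cookie_UID>\S+)" '
    r'"(?P<upstream_cookie_UID>\S+)" '
    r'(?P<request_time>' + NUM + r') (?P<upstream_response_time>' + NUM + r') '
    r'"(?P<traffic_quality>\S+)"'
)
# The two look-behind expressions from the page.
FIRST_ID = re.compile(r"(?<=/abc/def/)\d*")
SECOND_ID = re.compile(r"(?<=/openrtb/mrm/\d{2}/)\d*")


def parse(line):
    """Return the extracted fields, or None where grok would report a parse failure."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # Logstash tags such events _grokparsefailure
    event = m.groupdict()
    for name, rx in (("first_id", FIRST_ID), ("second_id", SECOND_ID)):
        hit = rx.search(event["request"])
        event[name] = hit.group(0) if hit else None
    return event


# Constructed sample lines (not real traffic).
OK_LINE = ('203.0.113.7 - - [10/Oct/2023:13:55:36 +0800] '
           '"GET /abc/def/123/456?x=1 HTTP/1.1" 200 512 '
           '"-" "Mozilla/5.0 (X11; Linux x86_64)" "-" "u1" "-" 0.012 0.010 "good"')
OPENRTB_LINE = OK_LINE.replace("/abc/def/123/456", "/openrtb/mrm/12/456")
NO_UPSTREAM = OK_LINE.replace("0.012 0.010", "0.000 -")   # no upstream contacted
AUTH_LINE = OK_LINE.replace(" - - ", " - alice ", 1)      # $remote_user is set

if __name__ == "__main__":
    for label, line in [("ok", OK_LINE), ("openrtb", OPENRTB_LINE),
                        ("no upstream", NO_UPSTREAM), ("auth user", AUTH_LINE)]:
        ev = parse(line)
        print(label, "->", "PARSE FAILURE" if ev is None else
              (ev["ip"], ev["http_status_code"], ev["first_id"], ev["second_id"]))
```

Lines that fail to parse never reach field-based alerts or dashboards, so the parse-failure rate is worth monitoring alongside the parsed events.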