Filebeat对正则表达式的支持

最新推荐文章于 2024-05-02 19:28:17 发布

weixin_33877885

最新推荐文章于 2024-05-02 19:28:17 发布

阅读量3.5k

点赞数

文章标签：运维 python

原文链接：https://my.oschina.net/openplus/blog/1591317

版权

2019独角兽企业重金招聘Python工程师标准>>>

Filebeat正则表达式的支持是基于RE2的,本文译自 elastic。

Filebeat有几个接受正则表达式的配置选项。例如multiline.pattern， include_lines，exclude_lines，和 exclude_files所有接受正则表达式。

注意：建议正则放在单引号内，例如'^\[?[0-9][0-9]:?[0-9][0-9]|^[[:graph:]]+'。

样例	描述
单个字符
`x`	单个字符
`.`	任何字符
`[xyz]`	字符类
`[^xyz]`	非字符类
`[[:alpha:]]`	ASCII字符类
`[[:^alpha:]]`	非ASCII字符类
`\d`	Perl字符类
`\D`	非Perl字符类
`\pN`	Unicode字符类(一个字母的名称)
`\p{Greek}`	Unicode字符类
`\PN`	非Unicode字符类(一个字母的名称)
`\P{Greek}`	非Unicode字符类
复合类型
`xy`	且
`x\|y`	或
重复类型
`x*`	以x开头
`x+`	一个或者多个x
`x?`	零或一个x
`x{n,m}`	`n` or `n+1` or … or `m` `x`, prefer more
`x{n,}`	`n` or more `x`, prefer more
`x{n}`	exactly `n` `x`
`x*?`	zero or more `x`, prefer fewer
`x+?`	one or more `x`, prefer fewer
`x??`	zero or one `x`, prefer zero
`x{n,m}?`	`n` or `n+1` or … or `m` `x`, prefer fewer
`x{n,}?`	`n` or more `x`, prefer fewer
`x{n}?`	exactly `n` `x`
分组
`(re)`	numbered capturing group (submatch)
`(?P<name>re)`	named & numbered capturing group (submatch)
`(?:re)`	non-capturing group
`(?i)abc`	set flags within current group, non-capturing
`(?i:re)`	set flags during re, non-capturing
`(?i)PaTTeRN`	case-insensitive (default false)
`(?m)multiline`	multi-line mode: `^` and `$` match begin/end line in addition to begin/end text (default false)
`(?s)pattern.`	let `.` match `\n` (default false)
`(?U)x*abc`	ungreedy: swap meaning of `x` and `x?`, `x+` and `x+?`, etc (default false)
空字符串
`^`	at beginning of text or line (`m`=true)
`$`	at end of text (like `\z` not `\Z`) or line (`m`=true)
`\A`	at beginning of text
`\b`	at ASCII word boundary (`\w` on one side and `\W`, `\A`, or `\z` on the other)
`\B`	not at ASCII word boundary
`\z`	at end of text
转义序列
`\a`	bell (same as `\007`)
`\f`	form feed (same as `\014`)
`\t`	horizontal tab (same as `\011`)
`\n`	newline (same as `\012`)
`\r`	carriage return (same as `\015`)
`\v`	vertical tab character (same as `\013`)
`\*`	literal ``, for any punctuation character ``
`\123`	octal character code (up to three digits)
`\x7F`	two-digit hex character code
`\x{10FFFF}`	hex character code
`\Q...\E`	literal text `...` even if `...` has punctuation
ASCII字符类
`[[:alnum:]]`	alphanumeric (same as `[0-9A-Za-z]`)
`[[:alpha:]]`	alphabetic (same as `[A-Za-z]`)
`[[:ascii:]]`	ASCII (same as `\x00-\x7F]`)
`[[:blank:]]`	blank (same as `[\t ]`)
`[[:cntrl:]]`	control (same as `[\x00-\x1F\x7F]`)
`[[:digit:]]`	digits (same as `[0-9]`)
`[[:graph:]]`	graphical (same as [!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\]^_` `{\|}~]`)
`[[:lower:]]`	lower case (same as `[a-z]`)
`[[:print:]]`	printable (same as `[ -~] == [ [:graph:]]`)
`[[:punct:]]`	punctuation (same as [!-/:-@[-`{-~])
`[[:space:]]`	whitespace (same as `[\t\n\v\f\r ]`)
`[[:upper:]]`	upper case (same as `[A-Z]`)
`[[:word:]]`	word characters (same as `[0-9A-Za-z_]`)
`[[:xdigit:]]`	hex digit (same as `[0-9A-Fa-f]`)
支持Perl字符类
`\d`	digits (same as `[0-9]`)
`\D`	not digits (same as `[^0-9]`)
`\s`	whitespace (same as `[\t\n\f\r ]`)
`\S`	not whitespace (same as `[^\t\n\f\r ]`)
`\w`	word characters (same as `[0-9A-Za-z_]`)
`\W`	not word characters (same as `[^0-9A-Za-z_]`)