Filebeat正则表达式的支持是基于RE2的,本文译自 elastic。
Filebeat有几个接受正则表达式的配置选项。例如multiline.pattern
, include_lines
,exclude_lines
,和 exclude_files
所有接受正则表达式。
注意:建议正则放在单引号内,例如'^\[?[0-9][0-9]:?[0-9][0-9]|^[[:graph:]]+'
。
样例 | 描述 |
---|---|
单个字符 | |
x | 单个字符 |
. | 任何字符 |
[xyz] | 字符类 |
[^xyz] | 非字符类 |
[[:alpha:]] | ASCII字符类 |
[[:^alpha:]] | 非ASCII字符类 |
\d | Perl字符类 |
\D | 非Perl字符类 |
\pN | Unicode字符类(一个字母的名称) |
\p{Greek} | Unicode字符类 |
\PN | 非Unicode字符类(一个字母的名称) |
\P{Greek} | 非Unicode字符类 |
复合类型 | |
xy | 且 |
x|y | 或 |
重复类型 | |
x* | 以x开头 |
x+ | 一个或者多个x |
x? | 零或一个x |
x{n,m} | n or n+1 or … or m x, prefer more |
x{n,} | n or more x, prefer more |
x{n} | exactly n x |
x*? | zero or more x, prefer fewer |
x+? | one or more x, prefer fewer |
x?? | zero or one x, prefer zero |
x{n,m}? | n or n+1 or … or m x, prefer fewer |
x{n,}? | n or more x, prefer fewer |
x{n}? | exactly n x |
分组 | |
(re) | numbered capturing group (submatch) |
(?P<name>re) | named & numbered capturing group (submatch) |
(?:re) | non-capturing group |
(?i)abc | set flags within current group, non-capturing |
(?i:re) | set flags during re, non-capturing |
(?i)PaTTeRN | case-insensitive (default false) |
(?m)multiline | multi-line mode: ^ and $ match begin/end line in addition to begin/end text (default false) |
(?s)pattern. | let . match \n (default false) |
(?U)x*abc | ungreedy: swap meaning of x* and x*?, x+ and x+?, etc (default false) |
空字符串 | |
^ | at beginning of text or line (m=true) |
$ | at end of text (like \z not \Z) or line (m=true) |
\A | at beginning of text |
\b | at ASCII word boundary (\w on one side and \W, \A, or \z on the other) |
\B | not at ASCII word boundary |
\z | at end of text |
转义序列 | |
\a | bell (same as \007) |
\f | form feed (same as \014) |
\t | horizontal tab (same as \011) |
\n | newline (same as \012) |
\r | carriage return (same as \015) |
\v | vertical tab character (same as \013) |
\* | literal *, for any punctuation character * |
\123 | octal character code (up to three digits) |
\x7F | two-digit hex character code |
\x{10FFFF} | hex character code |
\Q...\E | literal text ... even if ... has punctuation |
ASCII字符类 | |
[[:alnum:]] | alphanumeric (same as [0-9A-Za-z]) |
[[:alpha:]] | alphabetic (same as [A-Za-z]) |
[[:ascii:]] | ASCII (same as \x00-\x7F]) |
[[:blank:]] | blank (same as [\t ]) |
[[:cntrl:]] | control (same as [\x00-\x1F\x7F]) |
[[:digit:]] | digits (same as [0-9]) |
[[:graph:]] | graphical (same as [!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\]^_` {|}~]) |
[[:lower:]] | lower case (same as [a-z]) |
[[:print:]] | printable (same as [ -~] == [ [:graph:]]) |
[[:punct:]] | punctuation (same as [!-/:-@[-`{-~]) |
[[:space:]] | whitespace (same as [\t\n\v\f\r ]) |
[[:upper:]] | upper case (same as [A-Z]) |
[[:word:]] | word characters (same as [0-9A-Za-z_]) |
[[:xdigit:]] | hex digit (same as [0-9A-Fa-f]) |
支持Perl字符类 | |
\d | digits (same as [0-9]) |
\D | not digits (same as [^0-9]) |
\s | whitespace (same as [\t\n\f\r ]) |
\S | not whitespace (same as [^\t\n\f\r ]) |
\w | word characters (same as [0-9A-Za-z_]) |
\W | not word characters (same as [^0-9A-Za-z_]) |
实际使用整理,待续...