centos6.5:/root/sbin#cat -n vv
     1  192.168.11.186,192.168.11.187 35199,3306 Dec 7, 2016 11:40:02.750520978 SELECT
     2  r.trx_id waiting_trx_id,\x0a r.trx_mysql_thread_id waiting_thread,\x0a r.trx_query waiting_query,\x0a b.trx_id blocking_trx_id,\x0a b.trx_mysql_thread_id blocking_thread,\x0a b.trx_query blocking_query\x0aFROM\x0a information_schema.innodb_lock_waits w\x0a INNER JOIN\x0a information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_id\x0a INNER JOIN\x0a information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id

Here the event is split across 2 lines.

%{IPORHOST:clientip},%{IPORHOST:serverip}\s+(?<client_port>\S+),(?<server_port>\S+)\s+(?<time>(\S+\s+).*?[0-9]{2}:[0-9]{2}:[0-9]{2}.\d+)\s+(?<running_sql>(\S+\s+).*)

{
  "clientip": [ [ "192.168.11.186" ] ],
  "serverip": [ [ "192.168.11.187" ] ],
  "client_port": [ [ "35199" ] ],
  "server_port": [ [ "3306" ] ],
  "time": [ [ "Dec 7, 2016 11:40:02.750520978" ] ],
  "running_sql": [ [ "SELECT r.trx_id waiting_trx_id,\x0a r.trx_mysql_thread_id waiting_thread,\x0a r.trx_query waiting_query,\x0a b.trx_id blocking_trx_id,\x0a b.trx_mysql_thread_id blocking_thread,\x0a b.trx_query blocking_query\x0aFROM\x0a information_schema.innodb_lock_waits w\x0a INNER JOIN\x0a information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_id\x0a INNER JOIN\x0a information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id" ] ]
}

In this case the pattern matches the whole event without trouble.

/*************

centos6.5:/root/sbin#cat -n dd
     1  192.168.11.186,192.168.11.187 35199,3306 Dec 7, 2016 11:40:02.750520978 SELECT
     2  r.trx_id waiting_trx_id,\x0a r.trx_mysql_thread_id waiting_thread,\x0a r.trx_query waiting_query,\x0a b.trx_id blocking_trx_id,\x0a b.trx_mysql_thread_id blocking_thread,\x0a b.trx_query blocking_query\x0aFROM\x0a
     3  information_schema.innodb_lock_waits w\x0a INNER JOIN\x0a information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_id\x0a INNER JOIN\x0a information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id

Now the same event is split across 3 lines. This time the result is:

{
  "clientip": [ [ "192.168.11.186" ] ],
  "serverip": [ [ "192.168.11.187" ] ],
  "client_port": [ [ "35199" ] ],
  "server_port": [ [ "3306" ] ],
  "time": [ [ "Dec 7, 2016 11:40:02.750520978" ] ],
  "running_sql": [ [ "SELECT r.trx_id waiting_trx_id,\x0a r.trx_mysql_thread_id waiting_thread,\x0a r.trx_query waiting_query,\x0a b.trx_id blocking_trx_id,\x0a b.trx_mysql_thread_id blocking_thread,\x0a b.trx_query blocking_query\x0aFROM\x0a " ] ]
}

The match is now incomplete. What is needed is:

(?m)%{IPORHOST:clientip},%{IPORHOST:serverip}\s+(?<client_port>\S+),(?<server_port>\S+)\s+(?<time>(\S+\s+).*?[0-9]{2}:[0-9]{2}:[0-9]{2}.\d+)\s+(?<running_sql>(\S+\s+).*)

When grok is used together with codec/multiline, there is one thing to watch out for: grok regular expressions, like ordinary regular expressions, do not match across carriage returns and line feeds by default. Just as you would need =~ //m, this has to be specified explicitly. The way to write it is to add the (?m) flag at the start of the expression, as shown below:
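The truncation and the fix can be reproduced in Ruby, whose regex engine gives (?m) the same "dot matches newline" meaning that grok does; this is an added example, not code from the original post. It assumes a simplified IPv4-only stand-in for %{IPORHOST} and a shortened, constructed copy of the captured event, and the helper names (grok_like, running_sql, fully_consumed?) are hypothetical.

```ruby
# Added example, not from the original post. Ruby's Regexp engine (Onigmo)
# gives (?m) the same meaning grok's engine does: "." also matches newlines.

# Assumption: simplified IPv4-only stand-in for grok's %{IPORHOST}.
IPV4 = '\d{1,3}(?:\.\d{1,3}){3}'

# The page's pattern; `prefix` is either '' or '(?m)'.
def grok_like(prefix = '')
  Regexp.new(
    prefix +
    "(?<clientip>#{IPV4}),(?<serverip>#{IPV4})" +
    '\s+(?<client_port>\S+),(?<server_port>\S+)' +
    '\s+(?<time>(\S+\s+).*?[0-9]{2}:[0-9]{2}:[0-9]{2}.\d+)' +
    '\s+(?<running_sql>(\S+\s+).*)'
  )
end

# Constructed sample: a shortened copy of the page's capture. Single quotes
# keep \x0a as the four literal characters found in the capture file.
HEAD  = '192.168.11.186,192.168.11.187 35199,3306 Dec 7, 2016 11:40:02.750520978 SELECT'
LINE2 = ' r.trx_id waiting_trx_id,\x0a b.trx_query blocking_query\x0aFROM\x0a'
LINE3 = ' information_schema.innodb_lock_waits w\x0a INNER JOIN\x0a information_schema.innodb_trx b'

TWO_LINES   = HEAD + "\n" + LINE2 + LINE3           # one real newline
THREE_LINES = HEAD + "\n" + LINE2 + "\n" + LINE3    # two real newlines

# Returns the captured SQL, or nil when the pattern does not match.
def running_sql(event, prefix = '')
  m = grok_like(prefix).match(event)
  m && m[:running_sql]
end

# True when the match runs to the end of the event, i.e. nothing was dropped.
def fully_consumed?(event, prefix = '')
  m = grok_like(prefix).match(event)
  !m.nil? && m.end(0) == event.length
end

[['2 lines, no flag', TWO_LINES, ''],
 ['3 lines, no flag', THREE_LINES, ''],
 ['3 lines, (?m)',    THREE_LINES, '(?m)']].each do |label, event, prefix|
  puts "#{label}: complete=#{fully_consumed?(event, prefix)}"
  puts "  running_sql=#{running_sql(event, prefix).inspect}"
end
```

The 2-line event matches fully even without the flag because the \s+ after the first token consumes the single newline, while .* stops at the second newline in the 3-line event. A check like fully_consumed? is a way to notice when a pattern still matches but has silently dropped the tail of a captured query.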