zoukankan      html  css  js  c++  java

  • (?m)

    centos6.5:/root/sbin#cat -n vv
     1	192.168.11.186,192.168.11.187	35199,3306	Dec  7, 2016 11:40:02.750520978		SELECT 
     2	    r.trx_id waiting_trx_id,x0a    r.trx_mysql_thread_id waiting_thread,x0a   r.trx_query waiting_query,x0a    b.trx_id blocking_trx_id,x0a    b.trx_mysql_thread_id blocking_thread,x0a    b.trx_query blocking_queryx0aFROMx0a    information_schema.innodb_lock_waits wx0a        INNER JOINx0a    information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_idx0a        INNER JOINx0a    information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id



此时分为2行

%{IPORHOST:clientip},%{IPORHOST:serverip}s+(?<client_port>S+),(?<server_port>S+)s+(?<time>(S+s+).*?[0-9]{2}:[0-9]{2}:[0-9]{2}.d+)s+(?<running_sql>(S+s+).*)


{
  "clientip": [
    [
      "192.168.11.186"
    ]
  ],
  "serverip": [
    [
      "192.168.11.187"
    ]
  ],
  "client_port": [
    [
      "35199"
    ]
  ],
  "server_port": [
    [
      "3306"
    ]
  ],
  "time": [
    [
      "Dec  7, 2016 11:40:02.750520978"
    ]
  ],
  "running_sql": [
    [
      "SELECT 
    r.trx_id waiting_trx_id,\x0a    r.trx_mysql_thread_id waiting_thread,\x0a   r.trx_query waiting_query,\x0a    b.trx_id blocking_trx_id,\x0a    b.trx_mysql_thread_id blocking_thread,\x0a    b.trx_query blocking_query\x0aFROM\x0a    information_schema.innodb_lock_waits w\x0a        INNER JOIN\x0a    information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_id\x0a        INNER JOIN\x0a    information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id"
    ]
  ]
}


此时可以玩转匹配


/*************
centos6.5:/root/sbin#cat -n dd
     1	192.168.11.186,192.168.11.187	35199,3306	Dec  7, 2016 11:40:02.750520978		SELECT 
     2	    r.trx_id waiting_trx_id,x0a    r.trx_mysql_thread_id waiting_thread,x0a   r.trx_query waiting_query,x0a    b.trx_id blocking_trx_id,x0a    b.trx_mysql_thread_id blocking_thread,x0a    b.trx_query blocking_queryx0aFROMx0a   
     3	 information_schema.innodb_lock_waits wx0a        INNER JOINx0a    information_schema.innodb_trx b ON b.trx_id = w.blocking_trx_idx0a        INNER JOINx0a    information_schema.innodb_trx r ON r.trx_id = w.requesting_trx_id


换成3行

此时
{
  "clientip": [
    [
      "192.168.11.186"
    ]
  ],
  "serverip": [
    [
      "192.168.11.187"
    ]
  ],
  "client_port": [
    [
      "35199"
    ]
  ],
  "server_port": [
    [
      "3306"
    ]
  ],
  "time": [
    [
      "Dec  7, 2016 11:40:02.750520978"
    ]
  ],
  "running_sql": [
    [
      "SELECT 
    r.trx_id waiting_trx_id,\x0a    r.trx_mysql_thread_id waiting_thread,\x0a   r.trx_query waiting_query,\x0a    b.trx_id blocking_trx_id,\x0a    b.trx_mysql_thread_id blocking_thread,\x0a    b.trx_query blocking_query\x0aFROM\x0a   "
    ]
  ]
}

匹配不完整了


需要
(?m)%{IPORHOST:clientip},%{IPORHOST:serverip}s+(?<client_port>S+),(?<server_port>S+)s+(?<time>(S+s+).*?[0-9]{2}:[0-9]{2}:[0-9]{2}.d+)s+(?<running_sql>(S+s+).*)

在和 codec/multiline 搭配使用的时候,需要注意一个问题,


grok 正则和普通正则一样,默认是不支持匹配回车换行的。

就像你需要 =~ //m 一样也需要单独指定,具体写法是在表达式开始位置加 (?m) 标记。如下所示:
  • 相关阅读:
    虚拟ip配置
    file命令
    df 和du 命令统计磁盘空间不准确
    硬件防火墙品牌排名
    042_翻转单词顺序
    hdu 5057 Argestes and Sequence
    Python+Django+SAE系列教程11-----request/pose/get/表单
    管道(Pipe)/createPipe
    Java的递归算法
    墨菲定律、二八法则、马太效应、手表定理、“不值得”定律、彼得原理、零和游戏、华盛顿合作规律、酒与污水定律、水桶定律、蘑菇管理原理、钱的问题、奥卡姆剃刀等13条是左右人生的金科玉律
  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349980.html
Copyright © 2011-2022 走看看