zoukankan      html  css  js  c++  java
  • logstash (?m) 经典例子

    在和 codec/multiline 搭配使用的时候,需要注意一个问题,grok 正则和普通正则一样,默认是不支持匹配回车换行的。就像你需要 =~ //m 一样也需要单独指定,具体写法是在表达式开始位置加 (?m) 标记。
    
    
    s  空格,和 [
    	
    f] 语法一样 
    
    (s*S+s*).* 匹配0个或者多个前导字符
     
    
    简单demo:
    
     SELECT t.*  FROM
     	    (
     			SELECT 
     			t1.sn AS clientSn,
     			t1.userNick,
     			t1.mobilePhone,
     			t3.personName,
     			t2.availableBalance,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,
     			( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1') 
     			  + 
     			  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')  
     			) AS investAmount,
     			( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2') 
     			  + 
     			  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')  
     			) AS yieldAmount,
     			(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount
     			FROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999
     			WHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn
     	    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;
    
    
    
    
    正则表达式;
    s*(?<query>(s*S+s*).*)s*
    
    匹配结果:
    {
      "query": [
        [
          "SELECT t.*  FROM"
        ]
      ]
    }
    
    ////////////////////////////////////
    
    正则表达式:
    (?m)s*(?<query>(s*S+s*).*)s*
    
    
    匹配结果:
    
    
    
    {
      "query": [
        [
          "SELECT t.*  FROM
     	    (
     			SELECT 
     			t1.sn AS clientSn,
     			t1.userNick,
     			t1.mobilePhone,
     			t3.personName,
     			t2.availableBalance,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,
     			( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1') 
     			  + 
     			  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')  
     			) AS investAmount,
     			( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2') 
     			  + 
     			  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')  
     			) AS yieldAmount,
     			(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount
     			FROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999
     			WHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn
     	    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;
    
    
    "
        ]
      ]
    }
    
    
    
    
    
    
    
    
    继续测试;
    
    表达式;
    
    s*(?<query>(S+
    *).*)s*
    
    
    输出:
    
    {
      "query": [
        [
          "SELECT t.*  FROM"
        ]
      ]
    }
    
    正则:
    (?m)s*(?<query>(S+
    *).*)s*
    
    
    Grok Debugger
    
        Debugger
        Discover
        Patterns
    
    Add custom patterns Keep Empty Captures Named Captures Only Singles Autocomplete  
    
    {
      "query": [
        [
          "SELECT t.*  FROM
     	    (
     			SELECT 
     			t1.sn AS clientSn,
     			t1.userNick,
     			t1.mobilePhone,
     			t3.personName,
     			t2.availableBalance,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientRechargeOrder t WHERE t.clientSn= t1.sn AND t.status ='2') AS rechargeAmount,
     			(SELECT IFNULL(SUM(amount) , 0) FROM ClientWithDrawOrder t WHERE t.clientSn= t1.sn AND t.status IN ('1','2','3','4') ) AS withdrawAmount,
     			( (SELECT IFNULL(SUM(capitalBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '1') 
     			  + 
     			  (SELECT IFNULL(SUM(capitalBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '1')  
     			) AS investAmount,
     			( (SELECT IFNULL(SUM(yieldBalance) , 0) FROM ProductRepayment t WHERE t.clientSn= t1.sn AND t.status= '2') 
     			  + 
     			  (SELECT IFNULL(SUM(yieldBalance) , 0) FROM VirtualProductOrder t WHERE t.clientSn= t1.sn AND t.status= '2')  
     			) AS yieldAmount,
     			(SELECT IFNULL(SUM(t0.amount) , 0) FROM ClientCoupon t,Coupon t0 WHERE t.clientSn= t1.sn AND t.status = '2' AND t.couponSn = t0.sn AND t0.type IN (1,2)) AS cashCouponAmount
     			FROM  Client t1 , ClientAssetInfo t2 , ClientPersonalInfo t999
     			WHERE t1.sn = t2.clientSn AND t1.sn = t3.clientSn
     	    ) t  WHERE (t.rechargeAmount + t.yieldAmount + t.cashCouponAmount - t.withdrawAmount - t.investAmount - t.availableBalance) != 0;
    
    
    "
        ]
      ]
    }
    
    “I grok in fullness.” Robert A. Heinlein, Stranger in a Strange Land
    

  • 相关阅读:
    菜鸟学freeswitch(二)webRTC拨软电话自动挂断
    热部署神器-JRebel的简单使用
    菜鸟学freeswitch(一)freeswitch安装
    Feign涨姿势的机会
    zuul 设置响应超时
    @Autowired和static的关系
    加固ECS安全性的一些策略
    当https遇上websocket
    Msql 问题(持续更新)
    5.elk
  • 原文地址:https://www.cnblogs.com/zhaoyangjian724/p/6199127.html
Copyright © 2011-2022 走看看