Fluentular: a Fluentd regular expression editor

Regular Expression Test String Custom Time Format (See also ruby document; strptime)

Example (Apache)

Regular expression:

^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$

Time Format:

%d/%b/%Y:%H:%M:%S %z

Configuration

Copy and paste to fluent.conf or td-agent.conf

<source>
  type tail
  path /var/log/foo/bar.log
  pos_file /var/log/td-agent/foo-bar.log.pos
  tag foo.bar
  format /(?<DateTime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})(\.\d{3,6})? (?<pid>[^ ]*) (?<loglevel>[^ ]*) (?<class>[^ ]*) (\[(?<context>[^\]]*)\])? (?<message>.*)/
</source>

Data Inspector

Attributes

Key	Value
time	2024/04/28 08:48:33 +0000

Records

Key	Value
DateTime	2018-09-05 12:34:33
pid	2813186
loglevel	INFO
class	nova.api.openstack.placement.requestlog
context	req-d4573763-4521-419f-a4ba-c489a7e17ea9 fba548d81cd6480b90940a89e00f4133 6ba1bbedb40c411e9482128150886ba6 - default default
message	192.168.1.1 "DELETE /allocations/196db945-0089-40ae-8108-a950fb453296" status: 204 len: 0 microversion: 1.0