Log parsing using RegEx
Question:
I want to parse the following logs in particular classes.
2019-11-14T04:24:04.072Z INFO MessagingObjectFactoryImpl-4-2 ExporterLastAckServiceImpl - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Found exporter with elaId = Node#a3844284-e626-11e9-a87b-005056bcc0c6#AggSvc-L2-Bridging, returning lastAck = 16507
2019-11-14T04:23:08.362Z INFO ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1
2019-11-14T04:23:08.362Z DEBUG ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1
I tried
(?<timestamp>dddd-dd-ddTdd:dd:dd.dddZ)s+(?<level>INFO|WARN|DEBUG|ERROR|FATAL|TRACE)s+(?<text>.*?s.*?)-s+-s[(?<class>.*?)]s+(?<Message>.*? |Z)
I am getting everything with this except Message class.
How should I write Message class Regex?
Here’s the link https://regex101.com/r/LJnVrS/86
Answers:
.*? will match as few characters as possible, until you get to a space. Because it looks like the matches all end at the end of a line, instead, just continue matching whatever you can until you get to the end of the line. Remove the s flag, and use:
(?<Message>.*)
(no need for Z)
I want to parse the following logs in particular classes.
2019-11-14T04:24:04.072Z INFO MessagingObjectFactoryImpl-4-2 ExporterLastAckServiceImpl - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Found exporter with elaId = Node#a3844284-e626-11e9-a87b-005056bcc0c6#AggSvc-L2-Bridging, returning lastAck = 16507
2019-11-14T04:23:08.362Z INFO ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1
2019-11-14T04:23:08.362Z DEBUG ActivityEventRecovery-1 ActivityCacheManager - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Handling activity 92d6a146-fa12-4889-a0ff-441087e047d0 completion event for 1
I tried
(?<timestamp>dddd-dd-ddTdd:dd:dd.dddZ)s+(?<level>INFO|WARN|DEBUG|ERROR|FATAL|TRACE)s+(?<text>.*?s.*?)-s+-s[(?<class>.*?)]s+(?<Message>.*? |Z)
I am getting everything with this except Message class.
How should I write Message class Regex?
Here’s the link https://regex101.com/r/LJnVrS/86
.*? will match as few characters as possible, until you get to a space. Because it looks like the matches all end at the end of a line, instead, just continue matching whatever you can until you get to the end of the line. Remove the s flag, and use:
(?<Message>.*)
(no need for Z)