Pattern doesn't match











up vote
2
down vote

favorite












I have simple fluentd conf:



<source>
@type tail
@id in_tail_springboot_container_logs
#path /var/log/containers/*.log
path /var/log/logtest.txt
#path /var/log/containers/springbootrabbitmqlistener-*.log
pos_file /var/log/fluentd-springboot-containers.log.pos
@log_level debug
multiline_flush_interval 5s
format multiline
format1 (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}) (?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)] (?<someid>[0-9]+) --- [(?<thread>[^]]+)] (?<classname>[^ ]+)s+: (?<text>.*)
format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}
tag springboot.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>


I test it with input line:



2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,,,] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure


I've tested it with https://regex101.com/.



Everything works fine.



Problem is that fluent doesn't like it:



2018-11-09 08:48:18 +0000 [warn]: #0 [in_tail_springboot_container_logs] pattern not match: "2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,id1,id2,true] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure"


Can you tell me what is wrong with my conf?










share|improve this question




















  • 1




    First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
    – Wiktor Stribiżew
    Nov 9 at 8:56






  • 1




    Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
    – Wiktor Stribiżew
    Nov 9 at 9:44

















up vote
2
down vote

favorite












I have simple fluentd conf:



<source>
@type tail
@id in_tail_springboot_container_logs
#path /var/log/containers/*.log
path /var/log/logtest.txt
#path /var/log/containers/springbootrabbitmqlistener-*.log
pos_file /var/log/fluentd-springboot-containers.log.pos
@log_level debug
multiline_flush_interval 5s
format multiline
format1 (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}) (?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)] (?<someid>[0-9]+) --- [(?<thread>[^]]+)] (?<classname>[^ ]+)s+: (?<text>.*)
format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}
tag springboot.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>


I test it with input line:



2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,,,] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure


I've tested it with https://regex101.com/.



Everything works fine.



Problem is that fluent doesn't like it:



2018-11-09 08:48:18 +0000 [warn]: #0 [in_tail_springboot_container_logs] pattern not match: "2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,id1,id2,true] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure"


Can you tell me what is wrong with my conf?










share|improve this question




















  • 1




    First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
    – Wiktor Stribiżew
    Nov 9 at 8:56






  • 1




    Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
    – Wiktor Stribiżew
    Nov 9 at 9:44















up vote
2
down vote

favorite









up vote
2
down vote

favorite











I have simple fluentd conf:



<source>
@type tail
@id in_tail_springboot_container_logs
#path /var/log/containers/*.log
path /var/log/logtest.txt
#path /var/log/containers/springbootrabbitmqlistener-*.log
pos_file /var/log/fluentd-springboot-containers.log.pos
@log_level debug
multiline_flush_interval 5s
format multiline
format1 (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}) (?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)] (?<someid>[0-9]+) --- [(?<thread>[^]]+)] (?<classname>[^ ]+)s+: (?<text>.*)
format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}
tag springboot.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>


I test it with input line:



2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,,,] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure


I've tested it with https://regex101.com/.



Everything works fine.



Problem is that fluent doesn't like it:



2018-11-09 08:48:18 +0000 [warn]: #0 [in_tail_springboot_container_logs] pattern not match: "2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,id1,id2,true] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure"


Can you tell me what is wrong with my conf?










share|improve this question















I have simple fluentd conf:



<source>
@type tail
@id in_tail_springboot_container_logs
#path /var/log/containers/*.log
path /var/log/logtest.txt
#path /var/log/containers/springbootrabbitmqlistener-*.log
pos_file /var/log/fluentd-springboot-containers.log.pos
@log_level debug
multiline_flush_interval 5s
format multiline
format1 (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}) (?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)] (?<someid>[0-9]+) --- [(?<thread>[^]]+)] (?<classname>[^ ]+)s+: (?<text>.*)
format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}
tag springboot.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>


I test it with input line:



2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,,,] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure


I've tested it with https://regex101.com/.



Everything works fine.



Problem is that fluent doesn't like it:



2018-11-09 08:48:18 +0000 [warn]: #0 [in_tail_springboot_container_logs] pattern not match: "2018-11-09 08:49:36.111  INFO [SpringBootMicroservice,id1,id2,true] 5820 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Bean with name 'environmentManager' has been autodetected for JMX exposure"


Can you tell me what is wrong with my conf?







regex fluentd






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 9 at 8:56









Flimzy

36.1k96496




36.1k96496










asked Nov 9 at 8:54









Marcin Kasiński

1637




1637








  • 1




    First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
    – Wiktor Stribiżew
    Nov 9 at 8:56






  • 1




    Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
    – Wiktor Stribiżew
    Nov 9 at 9:44
















  • 1




    First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
    – Wiktor Stribiżew
    Nov 9 at 8:56






  • 1




    Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
    – Wiktor Stribiżew
    Nov 9 at 9:44










1




1




First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
– Wiktor Stribiżew
Nov 9 at 8:56




First, escape the . that should match a real dot. Also, check format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3} - you seem to have lost the parentheses.
– Wiktor Stribiżew
Nov 9 at 8:56




1




1




Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
– Wiktor Stribiżew
Nov 9 at 9:44






Try format /^(?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})s+(?<level>INFO|ERROR|WARN|TRACE|DEBUG|FATAL)s+[(?<app>[^,]+),(?<zipkintraceid>[^,]*),(?<zipkinspanid>[^,]*),(?<zipkinsent>[^]]*)]s+(?<someid>[0-9]+) ---s*[(?<thread>[^]]+)]s*(?<classname>S+)s*:s*(?<text>.*)$/ (demo).
– Wiktor Stribiżew
Nov 9 at 9:44














1 Answer
1






active

oldest

votes

















up vote
1
down vote













It looks like the problem is with this line:



format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}


The issue is that the timestamp named group is incorrectly formatted - It needs parenthesis around the entire group, like so:



                 ↓                                                      ↓
format_firstline (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})



And for good practice, (as the Regex veteran Wiktor mentioned) you should escape your .'s when they are meant to be literal dot's, not wildcards.






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53222521%2fpattern-doesnt-match%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    It looks like the problem is with this line:



    format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}


    The issue is that the timestamp named group is incorrectly formatted - It needs parenthesis around the entire group, like so:



                     ↓                                                      ↓
    format_firstline (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})



    And for good practice, (as the Regex veteran Wiktor mentioned) you should escape your .'s when they are meant to be literal dot's, not wildcards.






    share|improve this answer

























      up vote
      1
      down vote













      It looks like the problem is with this line:



      format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}


      The issue is that the timestamp named group is incorrectly formatted - It needs parenthesis around the entire group, like so:



                       ↓                                                      ↓
      format_firstline (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})



      And for good practice, (as the Regex veteran Wiktor mentioned) you should escape your .'s when they are meant to be literal dot's, not wildcards.






      share|improve this answer























        up vote
        1
        down vote










        up vote
        1
        down vote









        It looks like the problem is with this line:



        format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}


        The issue is that the timestamp named group is incorrectly formatted - It needs parenthesis around the entire group, like so:



                         ↓                                                      ↓
        format_firstline (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})



        And for good practice, (as the Regex veteran Wiktor mentioned) you should escape your .'s when they are meant to be literal dot's, not wildcards.






        share|improve this answer












        It looks like the problem is with this line:



        format_firstline ?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3}


        The issue is that the timestamp named group is incorrectly formatted - It needs parenthesis around the entire group, like so:



                         ↓                                                      ↓
        format_firstline (?<timestamp>d{4}-d{2}-d{2} d{2}:d{2}:d{2}.d{3})



        And for good practice, (as the Regex veteran Wiktor mentioned) you should escape your .'s when they are meant to be literal dot's, not wildcards.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 14 at 2:28









        Addison

        1,4761734




        1,4761734






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53222521%2fpattern-doesnt-match%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Guess what letter conforming each word

            Port of Spain

            Run scheduled task as local user group (not BUILTIN)