When configuring Logtail to collect text logs, if you select the full regex mode for parsing and collecting logs, you must configure a regular expression based on your log sample. This topic describes how to debug a regular expression when you configure it.
This document may contain information about third-party products that are for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.
Description
When you configure a regular expression, you can use the validation function for debugging.
Regex to Match First Line: Check whether the current setting matches the expected number of logs.
Extract Field: Check whether the values in each field are the values you expected.
If you want to do more regular expression debugging, you can use functions such Regex101 and paste the regular expression automatically generated in the console to these tools. Then, populate your actual log sample for checking and debugging.
In full regex mode, you can automatically generate a regular expression. However, there is a problem when generating a regular expression for multiple-line logs. This topic takes Regex101 as an example to verify and modify the regular expression.
Operation
Access Regex101, copy the complete regular expression automatically generated by log service based on the log sample REGULAR EXPRESSION, how to generate a regular expression, see full regex mode.
\[([^]]+)]\s\[(\w+)]\s([^:]+:\s\w+\s\w+\s[^:]+:\S+\s[^:]+:\S+\s\S+). *
The regular expression also appears in the right pane of the page.
In TEST STRING the logs after at are not included in the message field (in blue). Therefore, this expression cannot exactly match the sample logs, you cannot obtain all log data by using this regular expression.
If only two colons are found in the log, exact match is found.
In this case, replace the last regular expression
[\S\s]+
, and try again to check the matching degree, so that the complete matching can be realized. Logs with only two colons can be matched.