Fluentd log source format RegEX

Question

I have logs of this format:

2015-02-25 18:33:06,975 INFO c.a.p.c.b.s.Monitor akka://application/user/daemons/monitor : 91 active threads, 4175691776 bytes used

I came up to this regex:

(?<time>[^ ]* [^ ]*) (?<method>[^ ]*) (?<path>[^ ]*) (?<message>[^ ].*$)

When I test in Fluentular (I will be using it as a format for fluentd log input) I get fields:

time  =>    2015/02/25 18:33:06 +0000
method  =>    INFO
PATH    =>  <empty>
message => c.a.p.c.b.s.Monitor akka://application/user/daemons/monitor : 91 active threads, 4175691776 bytes used

I am not able to break the message string. I would like the matching groups to be:

time  =>    2015/02/25 18:33:06 +0000
method  =>    INFO
PATH  =>    c.a.p.c.b.s.Monitor
message =>    akka://application/user/daemons/monitor : 91 active threads, 4175691776 bytes used

What would be a proper regex

Answer 1

The problem is that there are two spaces between INFO and c.a.p.c.b.s.Monitor in your input string. Adding a + to allow for one-or-more spaces in that position, you'd get:

(?<time>[^ ]* [^ ]*) (?<method>[^ ]*) +(?<path>[^ ]*) (?<message>[^ ].*$)

You may or may not want to add those to the rest of the components, like:

(?<time>[^ ]* [^ ]*) +(?<method>[^ ]*) +(?<path>[^ ]*) +(?<message>[^ ].*$)