在nodejs中使用grok模塊的問題

Question

我想使用grok解析節點中的一些日誌，它似乎在grok調試器中工作，但不是當我在節點中運行時。

在http://grokdebug.herokuapp.com/我做的：

輸入：[2016-02-01 15:29:02,039] INFO [Replica state machine on controller 0]: Invoking state change to OnlineReplica for replicas [Topic=elk-test,Partition=0,Replica=0] (kafka.controller.ReplicaStateMachine)

模式：\[%{TIMESTAMP_ISO8601:timestamp}\] %{LOGLEVEL:level} \[%{DATA:message1}\]: %{GREEDYDATA:message2}

它輸出這樣的：

{ 
    "timestamp": [ 
    [ 
     "2016-02-01 15:29:02,039" 
    ] 
    ], 
    "YEAR": [ 
    [ 
     "2016" 
    ] 
    ], 
    "MONTHNUM": [ 
    [ 
     "02" 
    ] 
    ], 
    "MONTHDAY": [ 
    [ 
     "01" 
    ] 
    ], 
    "HOUR": [ 
    [ 
     "15", 
     null 
    ] 
    ], 
    "MINUTE": [ 
    [ 
     "29", 
     null 
    ] 
    ], 
    "SECOND": [ 
    [ 
     "02,039" 
    ] 
    ], 
    "ISO8601_TIMEZONE": [ 
    [ 
     null 
    ] 
    ], 
    "level": [ 
    [ 
     "INFO" 
    ] 
    ], 
    "message1": [ 
    [ 
     "Replica state machine on controller 0" 
    ] 
    ], 
    "message2": [ 
    [ 
     "Invoking state change to OnlineReplica for replicas [Topic=elk-test,Partition=0,Replica=0] (kafka.controller.ReplicaStateMachine)" 
    ] 
    ] 
} 

在的NodeJS，我嘗試做這樣的：

'use strict'; 

var nodegrok = require('node-grok'); 
var Regex = require("regex"); 
var zlib = require('zlib'); 

var str2 = '[2016-02-01 15:29:02,039] INFO [Replica state machine on controller 0]: Invoking state change to OnlineReplica for replicas [Topic=elk-test,Partition=0,Replica=0] (kafka.controller.ReplicaStateMachine)' 

var p2 = '\[%{TIMESTAMP_ISO8601:timestamp}\] %{LOGLEVEL:level} \[%{DATA:message1}\]: %{GREEDYDATA:message2}' 


var patterns = require('node-grok').loadDefaultSync(); 
var pattern = patterns.createPattern(p2) 
console.log('pattern:', pattern.parseSync(str2)); 

，但得到這個錯誤，那麼：

/Users/usrxxx/kafka_process_lambda/node_modules/node-grok/node_modules/oniguruma/lib/onig-reg-exp.js:9 
     this.scanner = new OnigScanner([this.source]); 
        ^

Error: empty range in char class 
    at Error (native) 
    at new OnigRegExp (/Users/usrxxx/kafka_process_lambda/node_modules/node-grok/node_modules/oniguruma/lib/onig-reg-exp.js:9:22) 
    at GrokPattern.t.parseSync (/Users/usrxxx/kafka_process_lambda/node_modules/node-grok/lib/index.js:38:24) 
    at Object.<anonymous> (/Users/usrxxx/kafka_process_lambda/index.js:12:33) 
    at Module._compile (module.js:409:26) 
    at Object.Module._extensions..js (module.js:416:10) 
    at Module.load (module.js:343:32) 
    at Function.Module._load (module.js:300:12) 
    at Function.Module.runMain (module.js:441:10) 
    at startup (node.js:139:18) 

Answer 1

正如從example明顯，你需要正確地逃脫字符[和]。所以，在你的代碼，改變...

var p2 = '\[%{TIMESTAMP_ISO8601:timestamp}\] %{LOGLEVEL:level} \[%{DATA:message1}\]: %{GREEDYDATA:message2}' 

...到：

var p2 = '\\[%{TIMESTAMP_ISO8601:timestamp}\\] %{LOGLEVEL:level} \\[%{DATA:message1}\\]: %{GREEDYDATA:message2}' 

然後你的代碼輸出：

$ node app.js 
pattern: { timestamp: '2016-02-01 15:29:02,039', 
    level: 'INFO', 
    message1: 'Replica state machine on controller 0', 
    message2: 'Invoking state change to OnlineReplica for replicas [Topic=elk-test,Partition=0,Replica=0] (kafka.controller.ReplicaStateMachine)' }