1

I am trying to parse following line

2021-03-09 05:31:41.396 [main] INFO [][][] o.s.c.b.c.PropertySourceBootstrapConfiguration - Located property source: [BootstrapPropertySource {name='bootstrapProperties-configmap.aa.default'}]

with this regex

^(?<time>\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d.\d\d\d) \[(?<thread>[^ ]+)\] (?<severity>[^ ]+) \[\]\[(?<request_id>[^ ]*)\]\[\] (?<class>[^ :]*) - (?<log>.*)$

everything works up until \[\]\[(?<request_id>[^ ]*)\]\[\] - adding request_id results in creating a mapping on elasticsearch which puts everything under log property

Łukasz
  • 1,980
  • 6
  • 32
  • 52

1 Answers1

1

You can use

^(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) +\[(?<thread>[^ ]+)\] +(?<severity>[^ ]+) +\[\]\[(?<request_id>[^ ]*)\]\[\] +(?<class>[^ :]*) +- +(?<log>.*)$

See the regex demo.

There are multiple spaces between INFO and [][][], so you need to use + to quantify the space. Also, you need to escape the dot that must match a literal dot. Also, repeating \d four times is not pretty, that is why you resort to limiting (or range) quantifiers, {4} matches \d four times.

Wiktor Stribiżew
  • 607,720
  • 39
  • 448
  • 563