Regular Expressions 101

REGEX to parse IIS7 Log File into FluentD

Regular Expression
PCRE (PHP <7.3)

/
^(?<date>\d{4}\-\d{2}\-\d{2}\s+)(?<time>\d{2}\:\d{2}\:\d{2}\s+)(?<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+)(?<csmethod>.+?\s+)(?<csuristem>.+?\s+)(?<csuriquery>.+?\s+)(?<sport>\d{1,3}\s+)(.+?\s+)(?<cip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+)(?<csUseragent>.+?\s+)(?<scstatus>\d{1,3}\s+)(?<scsubstatus>\d{1,3}\s+)(?<scwin32status>\d+\s+)(?<scbytes>\d+\s+)(?<csbytes>\d+\s+)(?<timetaken>\d+)?$
/

Description

This regex parses an entire line of an IIS log file (without detail on the AgentID) for use in FluentD. Q&C - juan.carniglia@gmail.com

Submitted by Juan Carniglia - 10 years ago
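
The pattern above applied in Ruby, the language Fluentd's regexp parser uses; this is an added example, not part of the original submission. The sample log lines are constructed, `parse_iis_line` and `IIS_WIDE` are hypothetical names, and the lines assume the field selection the pattern expects (sc-bytes and cs-bytes logged). It shows that each capture carries trailing whitespace and that a four-digit s-port makes the published pattern reject the line.

```ruby
# Pattern exactly as published on the page; Ruby accepts the
# (?<name>...) syntax unchanged.
IIS_LINE = /^(?<date>\d{4}\-\d{2}\-\d{2}\s+)(?<time>\d{2}\:\d{2}\:\d{2}\s+)(?<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+)(?<csmethod>.+?\s+)(?<csuristem>.+?\s+)(?<csuriquery>.+?\s+)(?<sport>\d{1,3}\s+)(.+?\s+)(?<cip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+)(?<csUseragent>.+?\s+)(?<scstatus>\d{1,3}\s+)(?<scsubstatus>\d{1,3}\s+)(?<scwin32status>\d+\s+)(?<scbytes>\d+\s+)(?<csbytes>\d+\s+)(?<timetaken>\d+)?$/

# Added adjustment (not on the page): let s-port hold up to five digits.
IIS_WIDE = Regexp.new(
  IIS_LINE.source.sub('(?<sport>\d{1,3}') { '(?<sport>\d{1,5}' }
)

# Return a hash of trimmed fields, or nil when the line does not match.
def parse_iis_line(line, pattern = IIS_LINE)
  return nil if line.start_with?('#') # W3C directives such as "#Fields: ..."
  m = pattern.match(line.chomp)
  return nil unless m
  # Every group in the pattern swallows its trailing whitespace, so strip it.
  # Ruby drops the unnamed group (cs-username) when named groups are present.
  m.named_captures.transform_values { |v| v&.strip }
end

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_443  = '2024-01-15 10:32:01 10.0.0.5 GET /app/login.aspx - 443 - ' \
              '198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 5120 412 15'
SAMPLE_8080 = SAMPLE_443.sub(' 443 ', ' 8080 ')

if __FILE__ == $PROGRAM_NAME
  p parse_iis_line(SAMPLE_443)             # all 15 named fields, trimmed
  p parse_iis_line(SAMPLE_8080)            # rejected by the published pattern
  p parse_iis_line(SAMPLE_8080, IIS_WIDE)  # accepted once s-port is widened
end
```

Lines the pattern rejects never become structured records, so sites listening on ports above 999 need the widened s-port group or a check for unparsed lines.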