I extracted a field named "apche_zhuji_sip", but the content is not accurate, some are not IP, how do I use regular expressions to filter non-IP content
It will be something like this
(your extract)
| regex apche_zhuji_sip="^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
That's the basic, simple version that makes sure the IP has 1-3 numeric digits. You could also do a more complicated version that limits the nodes to 001-255...
| regex apche_zhuji_sip="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3} (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
It will be something like this
(your extract)
| regex apche_zhuji_sip="^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
That's the basic, simple version that makes sure the IP has 1-3 numeric digits. You could also do a more complicated version that limits the nodes to 001-255...
| regex apche_zhuji_sip="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3} (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"