The problem of matching pattern of date and time

if you encounter a problem, come to the forum for advice, mainly to match the following two times and not to judge
Wed Oct 24 13:59:18 2018
Wed Oct 9 13:59:18 2018

this time, we encountered a rather strange date format. The date in units is not the normal 0x, but the space x. This is not the case. The original "EEE MMM dd HH:mm:ss yyyy" matching rule was reported wrong directly, and this is nested in a tool, so it is difficult to judge. Ask if you can match the two at the same time. The nested pattern uses the DateTimeFormat. of the following website

.

pattern:
https://www.joda.org/joda-tim.

Log nginx java
Sep.18,2021

this belongs to the GRAYLOG log analysis system. Thanks to the enthusiastic developers on github, the problem has been solved. Finally, grok regular matching judgment date format is added, with pipelines rules

.

Rule 1: 

rule "prase date "
// we want to create ISO8601 Timestamps
// make 'Wed Oct 24 13:59:18 2018' ISO8601
when
    grok(pattern: "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}", value:to_string($message.transaction_time_stamp)).matches == true
then
    let time = parse_date(value:to_string($message.transaction_time_stamp), pattern:"EEE MMM dd HH:mm:ss yyyy", timezone:"Asia/Shanghai");
    set_field("timestamp",time);
end

Rule 2: 

rule "prase date (single number day)"
// we want to create ISO8601 Timestamps
// make 'Wed Oct  4 13:59:18 2018' ISO8601
// cisco did not use 05 but <space>5 for days with a single digit
when
    grok(pattern: "%{DAY} %{MONTH}  %{MONTHDAY} %{TIME} %{YEAR}", value:to_string($message.transaction_time_stamp)).matches == true
then
    let time = parse_date(value:to_string($message.transaction_time_stamp), pattern:"EEE MMM  d HH:mm:ss yyyy", timezone:"Asia/Shanghai");
    set_field("timestamp",time);
end

attached github question link:
https://github.com/Graylog2/g.

Previous: How to migrate the container to another machine after the docker-compose is built successfully?

Next: How to implement a template engine in the form of list similar to that used in CMS?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
© 2021 CodesHelper
Advertising Contact us About us
Menu