Is there an existing grok {} pattern for the date format YYYY/MM/DD HH:mm:ss?

I checked the nginx error logs on our server and found that they start with a date formatted as:

2015/08/30 05:55:20

i.e. YYYY/MM/DD HH:mm:ss. I tried to find an existing date template that could help me figure this out quickly, but, unfortunately, could not find such a date format. In the end, I had to write a template like:

%{YEAR}/%{MONTHNUM}/%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}? 

I still hope there is a shorter template for this?

+7
4 answers

. GitHub. datestamp , YYYY/MM/DD, DATE_US DATE_EU .

DATE Grok patterns_dir DATESTAMP.

DATE_YMD %{YEAR}/%{MONTHNUM}/%{MONTHDAY}
DATE %{DATE_US}|%{DATE_EU}|%{DATE_YMD}

grok Pattern_dir.

+6

3

  1. . nginx.

$msec . .

log_format custom '[$msec] [$remote_addr] [$remote_user] '
                  '"$request" $status '
                  '"$http_referer" "$http_user_agent"';
  1. . .

GREEDYDATA:

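grok {
  # $msec is numeric (epoch seconds with milliseconds), so NUMBER is used for it:
  # a greedy match here would run on to the last "] " in the line.
  match => { "message" => "\[%{NUMBER:raw_timestamp}\] %{GREEDYDATA:message}" }
  overwrite => [ "message" ]
}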
  1. . date .

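date {
  # Read the field captured by the grok filter above. $msec is seconds since
  # the epoch with millisecond resolution, which the UNIX format parses.
  match => [ "raw_timestamp", "UNIX" ]
  target => "@timestamp"
}

+5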

2015/08/30 05:55:20, :

%{DATESTAMP:mytimestamp}

Logstash 6.5

Source: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns

+2

You can also just include the joda.time template, which is simple and short.

date {
  match => [ "timestamp", "yyyy/MM/dd HH:mm:ss" ]
  target => "@timestamp"
}

Helpful reference link: https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html

+1
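
Added example (not part of any answer above and not code from the Logstash project): one filter block that combines the custom year-first date pattern with the date filter for nginx error-log lines such as `2015/08/30 05:55:20 [error] ...`. The pattern name NGINX_ERROR_TS, the field names severity and error_message, and the UTC timezone are assumptions made for this example.

```logstash
filter {
  grok {
    # NGINX_ERROR_TS is a hypothetical name defined only for this filter;
    # it is not one of the stock grok patterns.
    pattern_definitions => {
      "NGINX_ERROR_TS" => "%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}"
    }
    # Anchor at the start of the line so the match cannot begin
    # part-way through the digits of the year.
    match => {
      "message" => "^%{NGINX_ERROR_TS:timestamp} \[%{LOGLEVEL:severity}\] %{GREEDYDATA:error_message}"
    }
  }

  # Lines grok could not match keep the default _grokparsefailure tag;
  # skip date parsing for them so they can be reviewed separately.
  if "_grokparsefailure" not in [tags] {
    date {
      match    => [ "timestamp", "yyyy/MM/dd HH:mm:ss" ]
      # The error-log timestamp carries no zone. "UTC" is an assumption:
      # set this to the zone of the server that wrote the log.
      timezone => "UTC"
      target   => "@timestamp"
      # Applied only when parsing succeeds; a failed parse is tagged
      # _dateparsefailure and the raw field is kept for inspection.
      remove_field => [ "timestamp" ]
    }
  }
}
```

Events tagged `_grokparsefailure` or `_dateparsefailure` still carry the ingest time in `@timestamp`, so routing on those tags keeps mis-timed events out of timeline correlation.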

Source: https://habr.com/ru/post/1606086/