

Using multiple grok patterns to assign value to 1 field


My question is regarding how to use Grok patterns.
I am aware that, given an existing Grok pattern, I can use the following syntax to assign the values to a field:
%{DATESTAMP_RFC822:timestamp}
I also know that I can create my own custom pattern and use it with the patternsDir field.
My question is whether I can use a combination of Grok patterns to parse and assign the value to a field.
For example, here is the 'definition' of the DATESTAMP_RFC822 pattern:
DATESTAMP_RFC822 = %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
If I don't want %{TZ} as a part of the pattern, how do I use the rest of the pattern to parse and assign timestamp? Something similar to ...
?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}
I know the above doesn't work. But I hope it is clear what I want to achieve.
Just found the answer. My last attempt was actually correct.
?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}
I just needed to add the opening '(' and closing ')' to make it work.
(?<timestamp>%{MONTH}/%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}))
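
An added example, not part of the original post and not Logstash's own code: a minimal Ruby grok expander showing why wrapping several %{...} references in one parenthesized named group assigns them to a single field. The pattern bodies are simplified stand-ins, and `expand`, `grok_match` and the sample log line are hypothetical names and data constructed for this illustration.

```ruby
# Simplified stand-ins for stock grok patterns (assumptions for this example;
# the definitions shipped with Logstash are stricter).
PATTERNS = {
  "DAY"      => '(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)',
  "MONTH"    => '(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)',
  "MONTHDAY" => '(?:0?[1-9]|[12]\d|3[01])',
  "YEAR"     => '\d{4}',
  "TIME"     => '(?:[01]?\d|2[0-3]):[0-5]\d:[0-5]\d',
  "TZ"       => '[A-Z]{3}',
  # Composite definition as quoted in the question.
  "DATESTAMP_RFC822" => '%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}',
}.freeze

# Recursively expand %{NAME} and %{NAME:field} into plain regex source.
# Unknown pattern names raise KeyError instead of silently matching nothing.
def expand(grok)
  grok.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    name, field = $1, $2
    body = expand(PATTERNS.fetch(name))
    field ? "(?<#{field}>#{body})" : body
  end
end

# Return a field => value hash, or nil when the line does not match.
def grok_match(grok, line)
  m = Regexp.new(expand(grok)).match(line)
  m && m.named_captures
end

# Constructed sample log line.
LINE = "Mon Jan 09 2017 13:45:10 UTC sshd[811]: session opened for user deploy"

STOCK    = '%{DATESTAMP_RFC822:timestamp}'
COMBINED = '(?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}) %{TZ:tz}'
BARE     = '?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}'

if __FILE__ == $0
  p grok_match(STOCK, LINE)     # timestamp includes the time zone
  p grok_match(COMBINED, LINE)  # timestamp without zone, zone in its own field
  begin
    grok_match(BARE, LINE)
  rescue RegexpError => e
    # Here, without the parentheses, "?" is a quantifier with nothing to repeat.
    puts "rejected: #{e.message}"
  end
end
```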
