Using multiple grok patterns to assign a value to 1 field


My question is regarding how to use Grok patterns.
I am aware that, given an existing Grok pattern, I can use the following syntax to assign the values to a field:
%{DATESTAMP_RFC822:timestamp}
I also know that I can create my own custom pattern and use it with patternsDir field.
My question is whether I can use a combination of Grok patterns to parse and assign the value to a field?
For example, here is the 'definition' of the DATESTAMP_RFC822 pattern:
DATESTAMP_RFC822 = %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
If I don't want %{TZ} as a part of the pattern, how do I use the rest of the pattern to parse and assign timestamp? Something similar to ...
?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}
I know the above doesn't work. But I hope it is clear what I want to achieve.

Just found the answer. My last attempt was actually correct.
?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}
I just needed to add the opening and closing parentheses to make it work.
(?<timestamp>%{MONTH}/%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}))
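
An added example, not part of the original post: a small Python sketch of how grok expansion works, showing that `%{NAME:field}` and an inline `(?<field>...)` capture both reduce to a named regex group, and that the expression without parentheses is not a valid regex. The `PATTERNS` entries are simplified stand-ins for the stock grok definitions, and `expand`, `to_regex`, `grok`, `is_valid` and the sample line are constructed for illustration.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: the real
# library patterns are stricter; these cover only the constructed samples).
PATTERNS = {
    "DAY": r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)",
    "MONTH": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",
    "MONTHDAY": r"(?:0?[1-9]|[12][0-9]|3[01])",
    "YEAR": r"\d{4}",
    "HOUR": r"(?:[01]?[0-9]|2[0-3])",
    "MINUTE": r"[0-5][0-9]",
    "SECOND": r"[0-5][0-9]",
    "TIME": r"%{HOUR}:%{MINUTE}:%{SECOND}",
    "TZ": r"[A-Z]{3}",
    "DATESTAMP_RFC822": r"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def expand(expr, depth=0):
    """Recursively replace %{NAME} / %{NAME:field} with plain regex text."""
    if depth > 20:
        raise ValueError("pattern nesting too deep (cyclic definition?)")
    def sub(m):
        name, field = m.group(1), m.group(2)
        body = expand(PATTERNS[name], depth + 1)  # KeyError on unknown name
        # %{NAME:field} is just a named group around the expanded pattern.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return GROK_REF.sub(sub, expr)

def to_regex(expr):
    # Grok's regex engine writes named groups as (?<name>...); Python's re
    # module needs (?P<name>...), so rewrite the inline captures.
    return re.sub(r"\(\?<(\w+)>", r"(?P<\1>", expand(expr))

def grok(expr, line):
    """Return the captured fields for line, or None when nothing matches."""
    m = re.search(to_regex(expr), line)
    return m.groupdict() if m else None

def is_valid(expr):
    try:
        re.compile(to_regex(expr))
        return True
    except re.error:
        return False

LINE = "Mon Jan 09 2017 14:03:22 UTC sshd: session opened"  # constructed
NO_TZ = "(?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME})"
print(grok("%{DATESTAMP_RFC822:timestamp}", LINE))
print(grok(NO_TZ, LINE))
print(is_valid(NO_TZ[1:-1]))  # same expression without the parentheses
```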
