时间戳 GROK 故障
[英]TIMESTAMP GROK FAILURE
问题描述
some issue with grok timestamp pattern 
grok 时间戳模式的一些问题
2020-3-4 10:22:37 >> this will match with this pattern %{TIMESTAMP_ISO8601:my_time}
2020-3-4 0:2:37 >> this will fail with this pattern %{TIMESTAMP_ISO8601:my_time}
also tried to match the pattern by using this separate pattern like YEAR MONTH AND DAY but again it will break when it reaches time %{HOUR}:%{MINUTE}:%{SECOND} .还尝试通过使用这个单独的模式来匹配模式,比如YEAR MONTH AND DAY但是当它到达时间%{HOUR}:%{MINUTE}:%{SECOND}时它会再次中断。 Any idea ?任何的想法 ?
1 个解决方案
解决方案1
0 已采纳 2020-03-18 11:48:48
The issue is with how the minute pattern is defined in logstash: (?:[0-5][0-9]) .问题在于如何在 logstash 中定义分钟模式: (?:[0-5][0-9]) 。 This pattern expects a two digit minute number, which breaks in your second case ( 2020-3-4 0:2:37 ).此模式需要一个两位数的分钟数,在您的第二种情况下会中断 ( 2020-3-4 0:2:37 )。
I've changed the pattern to accept a one-digit number of minutes: (?:[0-5][0-9]|[0-9])我已更改模式以接受一位数的分钟数: (?:[0-5][0-9]|[0-9])
You can then use this custom pattern:然后,您可以使用此自定义模式:
(?<my_time>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?(?:[0-5][0-9]|[0-9])(?::?%{SECOND})?%{ISO8601_TIMEZONE}?)
which is the TIMESTAMP_ISO8601 with MINUTE replaced by my pattern.这是TIMESTAMP_ISO8601与MINUTE替换为我的模式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.