Logstash filter: compare time using regex
Question
I use this code in logstash filter to compare time but don't work.
if [timecheck] =~ /.*((\[0\]\[0-6\]):\[0-5\]\[0-9\]:\[0-5\]\[0-9\])|((\[1\]\[2-9\]|2\[0-3\]):\[0-5\]\[0-9\]:\[0-5\]\[0-9\]).*/ {
mutate {
add_tag => "OVERTIME"
}
}
else if [timecheck] =~ /.+/ {
mutate {
add_tag => "WORKING-HOURS"
}
}
else {
mutate { add_tag => "NO-TIMECHECK-MATCH" }
}
logstash work but regex not match. Always enter in WORKING-HOURS because is not empty
(I try regex on regexr.com and work well)
1 answers
solution1
0 ACCPTED 2017-06-14 07:46:35
Don't escape the square brackets.
if [timecheck] =~ /(([0][0-6]):[0-5][0-9]:[0-5][0-9])|(([1][8-9]|2[0-3]):[0-5][0-9]:[0-5][0-9])/ {
mutate {
add_tag => "OVERTIME"
add_field => { "time-work" => "OVERTIME" }
}
}
else if [timecheck] =~ /.+/ {
mutate {
add_tag => "WORKING-HOURS"
add_field => { "time-work" => "WORKING-HOURS" }
}
}
else {
mutate { add_tag => "NO-TIMECHECK-MATCH" }
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Logstash grok filter regex
Logstash filter Regex into Field
Logstash grok & regex filter
logstash-filter not honoring the regex
regex for logstash.conf input filter path
Conditionals and regex doubts with grok filter in logstash
Logstash filter, if field matches regex not working
RegEx Filter Works In RegExr But Not Logstash Grok
String compare using regex
Logstash grok filter is slower than Java regex pattern matching
Related Tags