Capture date and time from a sentence

Abhilash_B · May 14, 2019, 3:11pm

Hi,

I have this sentence, The deployment started 3/19/2019 at 2:05 as a "message" to logstash
How do I capture the date and time in the above sentence? Also, how should I check to allow this sentence to be parsed and other sentences be ignored. I was thinking something on the lines of:

if [message] =~ /^The deployment started/ {
    ruby{
        <some code here to parse date and time>
    }
}

Any help here is appreciated. Thanks.

dadoonet · May 14, 2019, 3:12pm

Why not a grok or dissect filter?

Abhilash_B · May 14, 2019, 5:00pm

Hey David,

Can you give an example? Would be really helpful.

Thanks.

Badger · May 14, 2019, 5:35pm

A dissect would be as simple as

dissect { mapping => { "message" => "The deployment started %{date} at %{time}" } }

system · June 11, 2019, 5:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.