i have three files named:
- foo.log.2020-02-17.log
- bar.log
- foo.log.17-02-2020
i need to extract the whole file name and the date aswell i tried this expression but it's not working for me:
(?< app_name >.*(?< logdate >({YEAR}-%{MONTHNUM}-%{MONTHDAY})|(%{MONTHDAY}-%{MONTHNUM}-%{YEAR}))?(.log)?)`
when i remove the "?" after %{YEAR})) it works fine with files containing date
i spent 2 hours trying to figure it out, if someone could help i'll be so much grateful.
I think that should be )?)
That's a reasonable way for it to match. The .* in ' app_name ' consumes everything and all parts of ' logdate ' are optional, so an empty string matches. In a grok filter you can match against an array of patterns, one of which has an optional .log and the other has an optional date.
I think that should be )?)
your last reply solved my problem but, the ))? worked better because if the string doesn't exist the tag isn't shown at all and that's exactly what i need. with )?) it shows logdate:"" when there's no date.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
