How to search log line for a specific pattern format

kmiklas · August 27, 2019, 4:41pm

Is it possible to search for a generic pattern within a log line?

Our log lines are a bit disorganized. They come in many different flavors and formats from different systems, but they all contain a date and time stamp. It may be in different positions within the log line, but it does exist.

Take for example these three log lines:

ERR 01/01/2019 12:34:17:231 &&&& PID=1u5038u1jgk;lvdmn02t 49 hash this PROBLEM!!! 
~~~> myLog No. 476772233 ~~~~~~ 04/12/2019 12:34:17:231 user-->kmiklas blah 44626
#_ { date: 04/12/2019, time: 12:34:17:231 } ** user: kmiklas #

Notice how all three of them have a date in the format mm/dd/yyyy, and a time in the format hh:mm:ss:mss.

If I want to grab the date from any of these lines, is there a way to search for a substring in the format nn/nn/nnnn in the line?

This would preclude the use of specific grok patterns, because there are hundreds of different lines and the date may be anywhere in the line.

Thanks for your help.
Sincerely,
Keith

Badger · August 27, 2019, 5:04pm

Use grok. grok patterns are not anchored, so they will find the date and time anywhere in the line

    grok {
        break_on_match => false
        match => { "message" => [ "\b(?<date>\d{2}/\d{2}/\d{4})\b", "\b(?<time>\d{2}:\d{2}:\d{2})\b" ] }
    }

system · September 24, 2019, 5:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Non standard log lines Logstash	2	1096	July 6, 2017
Grok pattern for date Logstash	6	1691	June 13, 2019
Parse different datetime values into timestamp Logstash	4	604	April 14, 2017
How to parse different time formats Logstash	5	1284	June 8, 2017
Logstash date extraction help Logstash	3	612	December 26, 2016

How to search log line for a specific pattern format

Related topics