Hello everybody!
I use this code in logstash filter to compare time but don't work.

if [timecheck] =~ /.*((\[0\]\[0-6\]):\[0-5\]\[0-9\]:\[0-5\]\[0-9\])|((\[1\]\[2-9\]|2\[0-3\]):\[0-5\]\[0-9\]:\[0-5\]\[0-9\]).*/ {
  mutate {
    add_tag => "OVERTIME"
  }
}
else if [timecheck] =~ /.+/ {
  mutate {
    add_tag => "WORKING-HOURS"
  }
}
else {
  mutate { add_tag => "NO-TIMECHECK-MATCH" }
}

logstash work but regex not match. Always enter in WORKING-HOURS because timecheck is not empty

(I try regex on regexr.com and work well)

Don't escape the square brackets.

thanks a lot

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.