Hi all
I am trying to extract the timestamp from a log file (using the Telegraf logparser input), but the date and time are separated by a semicolon. Is there a way I can make my Grok pattern work but replace the semicolon with a space? InfluxDB is erroring on parsing the timestamp because of the semicolon.
Here is a sample from the log:
2019-11-18;05:10:55.954;INFORMATION;domain;test.user;2;1120;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
This is my Grok pattern:
%{TS_CUST:timestamp:ts-"2006-01-02 15:04:05.999"};%{WORD:Status:tag};%{WORD:Domain:tag};%{USERNAME:username:tag};%{NUMBER:SessionID:int};%{NUMBER:ProcessID:int};%{WORD:Action}: %{GREEDYDATA:message}
TS_CUST %{YEAR}-%{MONTHNUM}-%{MONTHDAY};%{TIME}
And from the Grok debugger, here is the output:
{
  "timestamp": [
    "2019-11-18;05:10:55.954"
  ],
  "Status": [
    "INFORMATION"
  ],
  "Domain": [
    "domain"
  ],
  "username": [
    "test.user"
  ],
  "Action": [
    "CheckUserExistsInGroup"
  ],
  "message": [
    "No Entries Found In ExcludedGroups"
  ]
}
I have been trying for ages to get rid of the semicolon between the date and time and replace it with a ‘space’ in the ‘timestamp’ match, as InfluxDB won’t accept the timestamp with the semicolon. It seems that the semicolon is not being ‘escaped’ in my pattern. Any help would be greatly appreciated.
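The mismatch described in the post, reproduced as an added example that is not part of the original post: it parses the quoted log line's timestamp with Go's `time.Parse`, once with the space layout from the pattern and once with a layout that keeps the semicolon. It assumes that Telegraf's `ts-"..."` modifier takes a Go reference-time layout, as the Telegraf documentation describes; the function and constant names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Sample line copied from the post.
const sampleLine = "2019-11-18;05:10:55.954;INFORMATION;domain;test.user;2;1120;" +
	"CheckUserExistsInGroup: No Entries Found In ExcludedGroups"

// Go reference-time layouts. Separators are literals, so ';' is allowed.
const (
	layoutSpace     = "2006-01-02 15:04:05.999" // layout from the post's pattern
	layoutSemicolon = "2006-01-02;15:04:05.999" // same layout with the log's separator
)

// splitTimestamp returns the raw "date;time" prefix and the remaining fields.
func splitTimestamp(line string) (raw, rest string, err error) {
	parts := strings.SplitN(line, ";", 3)
	if len(parts) < 3 {
		return "", "", fmt.Errorf("expected date;time;rest, got %q", line)
	}
	return parts[0] + ";" + parts[1], parts[2], nil
}

// parseTimestamp parses the raw capture with the given layout.
// No zone is logged, so time.Parse returns the result in UTC.
func parseTimestamp(raw, layout string) (time.Time, error) {
	return time.Parse(layout, raw)
}

func main() {
	raw, _, err := splitTimestamp(sampleLine)
	if err != nil {
		panic(err)
	}
	_, err = parseTimestamp(raw, layoutSpace)
	fmt.Println("space layout:    ", err) // non-nil: ' ' does not match ';'
	ts, err := parseTimestamp(raw, layoutSemicolon)
	fmt.Println("semicolon layout:", ts.Format(time.RFC3339Nano), err)
}
```
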