joker57
Reputation: 150
How to replace search time with "time" field in fluentbit?
I defined a customized multiline parser with regex and another parser to split time and log line into fields "time" and "message" respectively:
How could I replace the search time with the value of "time"?
Here is my multiline parser, invoked with tail input:
[MULTILINE_PARSER]
name jsm
type regex
flush_timeout 1000
# rules | state name | regex pattern | next state
# ------|---------------|--------------------------------------------
rule "start_state" "/(\d{4}\-\d{2}-\d{2} \d{2}\:\d{2}\:\d{2}\,\d+[\+\-]\d+)(.*)/" "cont"
rule "cont" "/^[\s+at|java|Caused]/" "cont"
Here is the parser:
[PARSER]
Name jsm
Format regex
Regex /^(?<time>\d{4}\-\d{2}-\d{2} \d{2}\:\d{2}\:\d{2}\,\d+[\+\-]\d+) (?<message>.*)/m
The parser above is invoked in Filter:
[FILTER]
name parser
match *
key_name log
parser jsm
Thanks.
Try to find a solution to complete this search.
Upvotes: 0
Views: 611
Answers (1)
joker57
Reputation: 150
Issue fixed after adding a parameter Time_Format in Parser jsm, this has to match the time format in the log entry, otherwise it will be ignored.
Upvotes: 0
Related Questions
- how to succesfully compile python 3.x
- Package Python3.7 is not available
- Error during the installation of Python
- unable to install python 3.6 on linux
- How to configure python 3.7 on Ubuntu?
- Unable to install pip for python 3.7 after updating from 3.6
- Getting error when trying to install python
- unable to install python from source
- pip failling to install for Python 3.7 on MacOs
- can't run python3 on ubuntu