Solved: Re: How to transfer Strftime TIME_FORMAT to a regu...

royimad · ‎03-27-2013

Log content (log4j) begin with a date that i will use it as TIME_FORMAT in my props.conf file.

Fri Jan 04 2013 13:05:34,114 EST ERROR wavemark.webapp.interceptors.WmExceptionInterceptor - WaveMarkException occurred
wavemark.common.exceptions.WaveMarkException: Error while calling method [getReportData] in deleg

The TIME_FORMAT should be equal to %a %b %e %Y %k:%M:%S,%3 %Z
I need to convert this to the regular expression to put it on LINE_BREAKER.

So what are the equivalent of my strftime in regular expression? is their a tool to convert this or i just need it to write it from scratch.

Many Thanks,
Roy

gfuente · ‎03-27-2013

Hello

Try this regex:

\w{3}\s\w{3}\s\d{2}\s\d{4}\s\d{2}:\d{2}:\d{2},\d{3}\s\w{3}

Regards

Edited to add miliseconds and time zone, hope it works

View solution in original post

gfuente · ‎03-27-2013

Hello

Try this regex:

\w{3}\s\w{3}\s\d{2}\s\d{4}\s\d{2}:\d{2}:\d{2},\d{3}\s\w{3}

Regards

Edited to add miliseconds and time zone, hope it works

gfuente · ‎03-27-2013

Done let me know it works

royimad · ‎03-27-2013

How to add the rest of the date the millisecond and the timezone ?

How to transfer Strftime TIME_FORMAT to a regular expression ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

Join the Conversation