I have a non - standard, Adobe / Omniture log standard timestamp that I want to extract. The value after the word Hour is the actual hour of the day in military time so 0 is between 12 and 1am...and so on and so forth til hour 23. Don't care about minutes or seconds.
Error logs are not spitting out any useful info, but it is not pulling out the timestamp.
Example 1: "August 13, 2013", Hour 0 foobar:A 1
Example 2: "August 13, 2013", Hour 1 300:A general
here is my complete datetime.xml
<![CDATA[\"(\w+)\s+(\d{1,2})\,\s+(\d{4})\,\s+Hour\s+(\d{1,2})\"\,\s+]>
Why is this not working? I hard coded the actual Month "August" to test make sure it was not my regex, but timestamp is still wrong.
Here is my props.conf:
[timestamp]
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
MAX_TIMESTAMP_LOOKAHEAD = 2
DATETIME_CONFIG = /etc/system/local/datetime.xml
TIME_FORMAT = %B %d, %Y, Hour %H doesn't like the hour either.
... View more