Cannot parse month followed by 1-2 digit date [SOLVED]

retrospective_test
Posts: 1
Joined: 02 Nov 2012, 20:42

Cannot parse month followed by 1-2 digit date [SOLVED]

Postby retrospective_test » 02 Nov 2012, 20:59

Hello, I'm trying to parse a /var/log/messages file from a Centos server.
Here is a sample:

Code: Select all

Mar  1 23:29:10 testserver dhclient: DHCPACK from 169.254.1.2


The auto-find only suggests the following: HH:mm:ss which doesn't match.

I can't find any documentation on the precise set of character
sequences to match date fields so I tried MMM dd HH:mm:ss without success.
One problem is that the regex generated is

[\p{L}]{3,10]\.{0,1} \d{1,2} \d{1,2}:\d{2}:\d{2}

which won't match the two spaces between "Mar" and "1".

Another problem is that I can't find any way to provide a default year so it assumes 1970.

Can you please document:
    How to match this common date format
    The full set of allowable date fields
    How to provide a default year when the log doesn't contain one

Thank you
tom.bujok
centeractive people
Posts: 19
Joined: 16 Aug 2012, 15:26

Re: Cannot parse 3-character month followed by 1-2 digit dat

Postby tom.bujok » 05 Nov 2012, 10:59

Hi,

Thanks for your feedback and sorry that your pattern is not supported well enough.
We will improve it in the version 2.1.3 that is coming out next week.

Date recognition unfortunately will not work well. In order to configure the line split correctly, paste the regex mentioned below in the first step of the configuration wizard, choosing the "Begins with" option:

Code: Select all

[\p{L}]{3,10}\.{0,1}[ ]{1,2}\d{1,2} \d{1,2}:\d{2}:\d{2}


The problem with the year 1970 when there is no year in the log file is a known issue.
We have an extensive story in our backlog that should cover this topic, but for now, please ignore the year.

Cheers,
Tom
Sin.Gularity
Posts: 3
Joined: 05 Jun 2013, 07:48

Re: Cannot parse month followed by 1-2 digit date [SOLVED]

Postby Sin.Gularity » 05 Jun 2013, 07:59

Hello Forum,

according to the above mentioned request, is there a comprehensive and complete manual for using patterns in Retrospective?

Would be great to have such a manual in case of weird log files (own project-/service-based).

Thanks in advance. :D

Kind regards,

Sin
urs.minder
centeractive people
Posts: 68
Joined: 06 Jun 2012, 16:45
Contact:

Re: Cannot parse month followed by 1-2 digit date [SOLVED]

Postby urs.minder » 28 Sep 2013, 07:23

Unfortunately we do not provide a manual with all kind of patterns that can be used in Retrospective for splitting individual log lines. There are so many special cases we could not even think about. We encourage the users to make a support request if Retrospective does not generate a useful pattern and they're not able to define it manually. We would then come up with a proposal and possibly also improve the automatic pattern recognition functionality to deal with it.

It would also be great if users would share patterns for their spacial cases in this forum.

Return to “Bug Reports”

Who is online

Users browsing this forum: No registered users and 1 guest