On Thu, 24 Jan 2019, Thomas Deutschmann via rsyslog wrote:
However I realized that even if I would receive messages with
a date value supported by any date-* parser in liblognorm, I
would be unable to transform the matched value just via
property(name="$!timestmap" dateFormat="rfc3339")
On 2019-01-23 09:33, David Lang wrote:
> Rsyslog does not yet have good date manipulation capabilities. We have
> started it with parse_time() and format_time(), but they are currently
> very limited.
Yeah, extracting each value and creating a new date format like
> template(name="iso8601date"
Hi,
thank you, the links to the openshift repository were very helpful!
I am now doing something like
> lookup_table(name="normalize_month"
> file="/etc/rsyslog.d/normalize_month.json")
> action(
> type="mmnormalize"
>
On Wed, 23 Jan 2019, Thomas Deutschmann via rsyslog wrote:
This could be a workaround, yes. How would I translate %b value, i.e.
the abbreviated month name into its numeric representation? 12 if
clauses or is there a better way?
Rsyslog does not yet have good date manipulation capabilities.
Use a lookup table -
https://www.rsyslog.com/doc/v8-stable/rainerscript/lookup_tables.html
here are some examples of using a lookup table to map priority numeric values
to log level string values, and log level values to their canonical
representation:
Hi,
On 2019-01-22 23:37, John Chivian wrote:
> If I understand the need correctly, you could chop your $!timestamp (or
> $msg) into pieces with the substring function, and then use the values
> contained in the pieces. It's a way of "parsing" it yourself.
This could be a workaround, yes. How
If I understand the need correctly, you could chop your $!timestamp (or
$msg) into pieces with the substring function, and then use the values
contained in the pieces. It's a way of "parsing" it yourself.
Regards,
On 1/22/19 2:44 PM, Thomas Deutschmann via rsyslog wrote:
Hi,
tl;dr
How
Hi,
tl;dr
How can I parse and use a date?
Long story:
An application is writing a log file (/var/log/application.log).
Each message starts with a date format like
[%d/%b/%Y:%H:%M:%S %z]
which resolves to
[21/Jan/2019:12:20:41 +0100]
for example.
I am reading that file using imfile
8 matches
Mail list logo
