Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

grok Pattern for two date format

Highlighted

grok Pattern for two date format

New Contributor

Have 2 date pattern in our log file is


Sep 3 15:10:54 192.168.0.1 3Sep2007


-----Our Zookeeper parser file


<code>    "parserConfig": {
            "grokPath": "/patterns/checkpoint",
            "patternLabel": "CUS_DELIMITED",
    "timestampField": "start_time",
    "timeFields": [
        "start_time",
        "end_time"
    ],
    "dateFormat": "MMM dd HH:mm:ss"
}

---our Pattern File


CUS_TIME_FORMAT %{MONTH:UNWANTED} %{MONTHDAY:UNWANTED} %{HOUR:UNWANTED}:%{MINUTE:UNWANTED}:%{SECOND:UNWANTED}


CUS_DELIMITED %{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{DATA:end_time}


Getting Error


Grok statement produced a null message. Original message was: Sep 3 15:10:54 192.168.0.1 3Sep2007.


If changed log date to 2018-06-28 00:00:00 and date format to "dateFormat": "yyyy-MM-dd HH:mm:ss" It works.

Please help. Kindly suggest us what is wrong here. Thanks in Advance to all members.

1 REPLY 1

Re: grok Pattern for two date format

New Contributor

@Vijay Radha

There is an error on your grok parser end_time is returned blank, I had to change it to GREEDYDATA.

%{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{GREEDYDATA:end_time}

the dateFormat field seems to take only one date format so we can not use multiple date format definitions. Removing the end_time from the timeFields you can ingest the data.

Don't have an account?
Coming from Hortonworks? Activate your account here