Support Questions

vijayanath · ‎06-30-2018

Have 2 date pattern in our log file is

Sep 3 15:10:54 192.168.0.1 3Sep2007

-----Our Zookeeper parser file

<code>    "parserConfig": {
            "grokPath": "/patterns/checkpoint",
            "patternLabel": "CUS_DELIMITED",
    "timestampField": "start_time",
    "timeFields": [
        "start_time",
        "end_time"
    ],
    "dateFormat": "MMM dd HH:mm:ss"
}

---our Pattern File

CUS_TIME_FORMAT %{MONTH:UNWANTED} %{MONTHDAY:UNWANTED} %{HOUR:UNWANTED}:%{MINUTE:UNWANTED}:%{SECOND:UNWANTED}

CUS_DELIMITED %{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{DATA:end_time}

Getting Error

Grok statement produced a null message. Original message was: Sep 3 15:10:54 192.168.0.1 3Sep2007.

If changed log date to 2018-06-28 00:00:00 and date format to "dateFormat": "yyyy-MM-dd HH:mm:ss" It works.

Please help. Kindly suggest us what is wrong here. Thanks in Advance to all members.

rayarnav · ‎07-03-2018

@Vijay Radha

There is an error on your grok parser end_time is returned blank, I had to change it to GREEDYDATA.

%{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{GREEDYDATA:end_time}

the dateFormat field seems to take only one date format so we can not use multiple date format definitions. Removing the end_time from the timeFields you can ingest the data.

Cloudera Community

Support Questions

grok Pattern for two date format