I have a timestamp 2015-11-01 21:45:25,296 like I mentioned above. is it possible to extract the the day of the week(Mon, Tue,etc) using any regular expression or grok pattern.
我有一个时间戳2015-11-01 21:45:25,296就像我上面提到的那样。是否可以使用任何正则表达式或grok模式提取星期几(星期一,星期二等)。
Thanks in advance
提前致谢
3 个解决方案
#1
1
this is quite easy if you want to use the ruby filter. I am lazy so I am only doing this.
如果你想使用ruby过滤器,这很容易。我很懒,所以我只是这样做。
Here is my filter:
这是我的过滤器:
filter {
ruby {
code => "
p = Time.parse(event['message']);
event['day-of-week'] = p.strftime('%A');
"
}
}
The 'message' variable is the field that contains your timestamp
'message'变量是包含时间戳的字段
With stdin and stdout and your string, you get:
使用stdin和stdout以及你的字符串,你得到:
artur@pandaadb:~/dev/logstash$ ./logstash-2.3.2/bin/logstash -f conf2/
Settings: Default pipeline workers: 8
Pipeline main started
2015-11-01 21:45:25,296
{
"message" => "2015-11-01 21:45:25,296",
"@version" => "1",
"@timestamp" => "2016-08-03T13:07:31.377Z",
"host" => "pandaadb",
"day-of-week" => "Sunday"
}
Hope that is what you need,
希望这是你需要的,
Artur
阿图尔
#2
0
What you want is:
你想要的是:
Assuming your string is 2015-11-01 21:45:25,296
假设你的字符串是2015-11-01 21:45:25,296
mydate='2015-11-01'
date +%a -d ${mydate% *}
Will give you what you want.
会给你你想要的。
#3
0
Short answer is not, you can't. A regex, according to Wikipedia:
简短的回答不是,你不能。根据*的正则表达式:
...is a sequence of characters that define a search pattern, mainly for use in pattern matching with strings, or string matching, i.e. "find and replace"-like operations.
...是定义搜索模式的字符序列,主要用于与字符串进行模式匹配,或字符串匹配,即“查找和替换”类操作。
So, a regex allow you to parse a String, it searches for information within the String, but it doesn't make calculations over it. If you want to make such calculations you need help from a programming language (java, c#, or Ruby[like @pandaadb suggested] etc) or some other tool that makes those calculations (Epoch Converter).
因此,正则表达式允许您解析String,它在String中搜索信息,但它不会对其进行计算。如果你想进行这样的计算,你需要编程语言(java,c#或Ruby [如@pandaadb建议]等)的帮助或其他一些进行这些计算的工具(Epoch Converter)。
#1
1
this is quite easy if you want to use the ruby filter. I am lazy so I am only doing this.
如果你想使用ruby过滤器,这很容易。我很懒,所以我只是这样做。
Here is my filter:
这是我的过滤器:
filter {
ruby {
code => "
p = Time.parse(event['message']);
event['day-of-week'] = p.strftime('%A');
"
}
}
The 'message' variable is the field that contains your timestamp
'message'变量是包含时间戳的字段
With stdin and stdout and your string, you get:
使用stdin和stdout以及你的字符串,你得到:
artur@pandaadb:~/dev/logstash$ ./logstash-2.3.2/bin/logstash -f conf2/
Settings: Default pipeline workers: 8
Pipeline main started
2015-11-01 21:45:25,296
{
"message" => "2015-11-01 21:45:25,296",
"@version" => "1",
"@timestamp" => "2016-08-03T13:07:31.377Z",
"host" => "pandaadb",
"day-of-week" => "Sunday"
}
Hope that is what you need,
希望这是你需要的,
Artur
阿图尔
#2
0
What you want is:
你想要的是:
Assuming your string is 2015-11-01 21:45:25,296
假设你的字符串是2015-11-01 21:45:25,296
mydate='2015-11-01'
date +%a -d ${mydate% *}
Will give you what you want.
会给你你想要的。
#3
0
Short answer is not, you can't. A regex, according to Wikipedia:
简短的回答不是,你不能。根据*的正则表达式:
...is a sequence of characters that define a search pattern, mainly for use in pattern matching with strings, or string matching, i.e. "find and replace"-like operations.
...是定义搜索模式的字符序列,主要用于与字符串进行模式匹配,或字符串匹配,即“查找和替换”类操作。
So, a regex allow you to parse a String, it searches for information within the String, but it doesn't make calculations over it. If you want to make such calculations you need help from a programming language (java, c#, or Ruby[like @pandaadb suggested] etc) or some other tool that makes those calculations (Epoch Converter).
因此,正则表达式允许您解析String,它在String中搜索信息,但它不会对其进行计算。如果你想进行这样的计算,你需要编程语言(java,c#或Ruby [如@pandaadb建议]等)的帮助或其他一些进行这些计算的工具(Epoch Converter)。