parse syslog date without year #19176
That is BSD-Syslog (RFC 3164) formatted
Perhaps it would be better to try to detect and extract that extra field that makes it incompatible with That said I am familiar with the format you want for RFC 3164 timestamp due to this recent syslog PR. Try:
Oh, just realized that your I guess this is an issue with
I'm unable to test myself right now but presumably you could just provide/prepend the current year? Perhaps with |
Hi All,
I am new to Vector. I am trying to parse network syslogs but cannot use parse_syslog as some logs have an extra field, not standard format. I can parse my logs with regex but I want to use the timestamp of the actual message, not when it arrived. The time/date format is "Nov 15 19:45:00" - without the year ;(.

```
$ parse_timestamp!("Nov 15 19:45:00", format: "%h %e %T")
function call error for "parse_timestamp" at (0:55): Invalid timestamp "Nov 15 19:45:00": input is not enough for unique date and time.
```

Testing in VRL, it looks like parse_timestamp requires a year and does not default to 'this year'. Can someone help me overcome this? Probably easy when you know how ;).
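The reply's suggestion of prepending the current year, worked through as an added example (not from the thread and not Vector code; written in Python rather than VRL so the year-boundary logic can be run stand-alone). `infer_timestamp` and `skew_exceeds` are hypothetical names, the sample stamps are constructed, and timestamps are treated as naive local times on the assumption that sender and collector share a timezone.

```python
from datetime import datetime, timedelta

FMT = "%Y %b %d %H:%M:%S"  # %b assumes English month names (C locale)


def infer_timestamp(stamp: str, received: datetime) -> datetime:
    """Attach a year to a year-less RFC 3164 stamp such as "Nov 15 19:45:00".

    Tries the receive year and its two neighbours and keeps the candidate
    closest to the receive time, so a message sent on Dec 31 and received on
    Jan 1 is not dated almost a year into the future.
    """
    normalized = " ".join(stamp.split())  # single-digit days are space-padded
    candidates = []
    for year in (received.year - 1, received.year, received.year + 1):
        try:
            candidates.append(datetime.strptime(f"{year} {normalized}", FMT))
        except ValueError:
            continue  # malformed stamp, or "Feb 29" in a non-leap year
    if not candidates:
        raise ValueError(f"cannot date {stamp!r} near {received.year}")
    return min(candidates, key=lambda ts: abs(ts - received))


def skew_exceeds(stamp: str, received: datetime,
                 limit: timedelta = timedelta(hours=1)) -> bool:
    """True when the device's claimed time is far from the arrival time.

    Worth keeping next to the parsed value: a large gap means a wrong device
    clock or a delayed or replayed message, which matters in a timeline.
    """
    return abs(infer_timestamp(stamp, received) - received) > limit


if __name__ == "__main__":
    # Constructed samples: (stamp from the message, time the collector saw it)
    samples = [
        ("Nov 15 19:45:00", datetime(2023, 11, 15, 19, 45, 2)),
        ("Dec 31 23:59:58", datetime(2024, 1, 1, 0, 0, 3)),
        ("Jan  1 00:00:10", datetime(2023, 12, 31, 23, 59, 50)),
        ("Nov 12 19:45:00", datetime(2023, 11, 15, 19, 45, 2)),
    ]
    for stamp, received in samples:
        ts = infer_timestamp(stamp, received)
        print(stamp, "->", ts.isoformat(), "skewed:", skew_exceeds(stamp, received))
```

Storing both the inferred device time and the arrival time lets later analysis see when the two disagree instead of silently trusting either one.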