DateTime format conversion | Log collection solutions

#1 Ascendo 8 years ago

Hi all

I'm trying to forward logs to my Graylog server using nxlog, and it's working fine, except for one minor problem which I've been unable to fix:

The date/time format in the log is as follows:

2016/03/17 07:06:27 AM Message

I have been able to extract the date into $1 and time into $2 with regex (and message into $3) without an issue. However, I'm unable to parse the combination of the two as a date and get it into 24H format using parsedate or strptime.

Any ideas how I can populate $EventTime with the date + 24H time format from the above? Everything I try seems to result in the field being undefined.

Thanks

Permalink

#2 adm Nxlog ✓ 8 years ago (Last updated 5 years ago )

#1 Ascendo

Hi all I'm trying to forward logs to my Graylog server using nxlog, and it's working fine, except for one minor problem which I've been unable to fix: The date/time format in the log is as follows: 2016/03/17 07:06:27 AM Message I have been able to extract the date into $1 and time into $2 with regex (and message into $3) without an issue. However, I'm unable to parse the combination of the two as a date and get it into 24H format using parsedate or strptime. Any ideas how I can populate $EventTime with the date + 24H time format from the above? Everything I try seems to result in the field being undefined. Thanks

Have you tried strptime() ? This can handle the AM/PM format.