You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@nifi.apache.org by Madhukar Thota <ma...@gmail.com> on 2016/08/04 09:25:35 UTC

Syslog timestamp

How to convert Both RFC5424 and RFC3164 syslog timestamp attribute to type
to long.

Will some thing like this works?

${syslog.timestamp:toDate('MMM d HH:mm:ss'):toNumber():or(
   ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.SZ"):toNumber()}
):or(
   ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.S+hh:mm"):toNumber()}
)}

Re: Syslog timestamp

Posted by Mark Payne <ma...@hotmail.com>.

The JIRA page is at https://issues.apache.org/jira/browse/NIFI <https://issues.apache.org/jira/browse/NIFI>

You can create an account there if you don't already have one (I believe the same JIRA
account exists for all Apache projects so if you've ever filed a JIRA for another project,
it should be the same username and password).

Thanks
-Mark


> On Aug 5, 2016, at 2:14 PM, Madhukar Thota <ma...@gmail.com> wrote:
> 
> Thanks Mark. Do i have access to jira to submit the issue?
> 
> On Fri, Aug 5, 2016 at 1:54 PM, Mark Payne <markap14@hotmail.com <ma...@hotmail.com>> wrote:
> Madhukar,
> 
> Currently, I don't think there's any really easy way to do this. You'd have to use a RouteOnAttribute
> with a regex, probably to determine which date format is being used, and then use another processor to 
> perform the toDate() function.
> 
> That being said, this is a good idea of something that we should support. If you want to file a JIRA, we could
> certainly incorporate something, so that you can provide multiple date formats and it would just use whichever
> one works. For example, you should be able to do:
> ${syslog.timestamp:toDate("MMM d HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss.SZ", "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm")}
> 
> Thanks
> -Mark
> 
> 
>> On Aug 5, 2016, at 1:40 PM, Madhukar Thota <madhukar.thota@gmail.com <ma...@gmail.com>> wrote:
>> 
>> Any help?
>> 
>> On Thu, Aug 4, 2016 at 5:25 AM, Madhukar Thota <madhukar.thota@gmail.com <ma...@gmail.com>> wrote:
>> How to convert Both RFC5424 and RFC3164 syslog timestamp attribute to type to long. 
>> 
>> Will some thing like this works?
>> 
>> ${syslog.timestamp:toDate('MMM d HH:mm:ss'):toNumber():or(
>>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.SZ"):toNumber()}
>> ):or(
>>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.S+hh:mm"):toNumber()}
>> )}
>> 
> 
>

Re: Syslog timestamp

Posted by Madhukar Thota <ma...@gmail.com>.

Thanks Mark. Do i have access to jira to submit the issue?

On Fri, Aug 5, 2016 at 1:54 PM, Mark Payne <ma...@hotmail.com> wrote:

> Madhukar,
>
> Currently, I don't think there's any really easy way to do this. You'd
> have to use a RouteOnAttribute
> with a regex, probably to determine which date format is being used, and
> then use another processor to
> perform the toDate() function.
>
> That being said, this is a good idea of something that we should support.
> If you want to file a JIRA, we could
> certainly incorporate something, so that you can provide multiple date
> formats and it would just use whichever
> one works. For example, you should be able to do:
> ${syslog.timestamp:toDate("MMM d HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss.SZ",
> "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm")}
>
> Thanks
> -Mark
>
>
> On Aug 5, 2016, at 1:40 PM, Madhukar Thota <ma...@gmail.com>
> wrote:
>
> Any help?
>
> On Thu, Aug 4, 2016 at 5:25 AM, Madhukar Thota <ma...@gmail.com>
> wrote:
>
>> How to convert Both RFC5424 and RFC3164 syslog timestamp attribute to
>> type to long.
>>
>> Will some thing like this works?
>>
>> ${syslog.timestamp:toDate('MMM d HH:mm:ss'):toNumber():or(
>>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.SZ"):toNumber()}
>> ):or(
>>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.S+hh:mm"):toNumber()}
>> )}
>>
>
>
>

Re: Syslog timestamp

Posted by Mark Payne <ma...@hotmail.com>.

Madhukar,

Currently, I don't think there's any really easy way to do this. You'd have to use a RouteOnAttribute
with a regex, probably to determine which date format is being used, and then use another processor to 
perform the toDate() function.

That being said, this is a good idea of something that we should support. If you want to file a JIRA, we could
certainly incorporate something, so that you can provide multiple date formats and it would just use whichever
one works. For example, you should be able to do:
${syslog.timestamp:toDate("MMM d HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss.SZ", "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm")}

Thanks
-Mark

> On Aug 5, 2016, at 1:40 PM, Madhukar Thota <ma...@gmail.com> wrote:
> 
> Any help?
> 
> On Thu, Aug 4, 2016 at 5:25 AM, Madhukar Thota <madhukar.thota@gmail.com <ma...@gmail.com>> wrote:
> How to convert Both RFC5424 and RFC3164 syslog timestamp attribute to type to long. 
> 
> Will some thing like this works?
> 
> ${syslog.timestamp:toDate('MMM d HH:mm:ss'):toNumber():or(
>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.SZ"):toNumber()}
> ):or(
>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.S+hh:mm"):toNumber()}
> )}
>

Re: Syslog timestamp

Posted by Madhukar Thota <ma...@gmail.com>.

Any help?

On Thu, Aug 4, 2016 at 5:25 AM, Madhukar Thota <ma...@gmail.com>
wrote:

> How to convert Both RFC5424 and RFC3164 syslog timestamp attribute to
> type to long.
>
> Will some thing like this works?
>
> ${syslog.timestamp:toDate('MMM d HH:mm:ss'):toNumber():or(
>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.SZ"):toNumber()}
> ):or(
>    ${syslog.timestamp:toDate("yyyy-MM-dd'T'HH:mm:ss.S+hh:mm"):toNumber()}
> )}
>