Need to write a regex for same as time and same as event given below in image
Hi @Praz_123
Did the time extraction I provided in the previous thread not work for you for some reason?
TIME_PREFIX="ds":\s"
TIME_FORMAT=%Y-%m-%dT%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD=20The reason for your error is the extra "." you have in your TIME_PREFIX which is causing it to skip the first character of the year. Also you need to specify the MAX_TIMESTAMP_LOOKAHEAD.
Below is my previous response incase you missed it.
@livehybrid wrote:
[yourSourceType]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\S\s\n]+"predictions":\s\[\s*)|}(\s*\,\s*){|([\s\n\r]*\][\s\n\r]*}[\s\n\r]*)
NO_BINARY_CHECK=true
TIME_PREFIX="ds":\s"
TIME_FORMAT=%Y-%m-%dT%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD=20🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
@kiran_panchavat
am getting the error as I need the same date and time extraction while using the time format and time prefix am getting the below error
Below is my props.conf
[ _json ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\S\s\n]+"predictions":\s\[\s*)|}(\s*\,\s*){|([\s\n\r]*\][\s\n\r]*}[\s\n\r]*)
NO_BINARY_CHECK=true
TIME_FORMAT=%Y-%m-%dT%H:%M:%S
TIME_PREFIX=\[|ds\"\:\s\".
@kiran_panchavat
Not working for me are you using different event breaks and timestamp
I used the below props.conf
[ <SOURCETYPE NAME> ]
CHARSET=AUTO
SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
TIME_FORMAT=%Y-%m-%dT%H:%M:%S
TIME_PREFIX= "ds":\s*"
Check the data which you uploaded it should be .json format not .txt format.
[ jsontest ]
CHARSET=UTF-8
LINE_BREAKER=([\S\s\n]+"predictions":\s\[\s*)|}(\s*\,\s*){|([\s\n\r]*\][\s\n\r]*}[\s\n\r]*)
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=true
category=Custom
pulldown_type=true
