forked from y-scope/log-surgeon
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathschema.txt
65 lines (61 loc) · 2.4 KB
/
schema.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// Timestamps (using the `timestamp` keyword)
// E.g. 2015-01-31T15:50:45.392
timestamp:\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}
// E.g. 2015-01-31T15:50:45,392
timestamp:\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2},\d{3}
// E.g. [2015-01-31T15:50:45
timestamp:\[\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}
// E.g. [20170106-16:56:41]
timestamp:\[\d{4}\d{2}\d{2}\-\d{2}:\d{2}:\d{2}\]
// E.g. 2015-01-31 15:50:45,392
// E.g. INFO [main] 2015-01-31 15:50:45,085
timestamp:\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2},\d{3}
// E.g. 2015-01-31 15:50:45.392
timestamp:\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}.\d{3}
// E.g. [2015-01-31 15:50:45,085]
timestamp:\[\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2},\d{3}\]
// E.g. 2015-01-31 15:50:45
// E.g. Started POST /api/v3/internal/allowed for 127.0.0.1 at 2017-06-18 00:20:44
// E.g. update-alternatives 2015-01-31 15:50:45
timestamp:\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}
// E.g. Start-Date: 2015-01-31 15:50:45
timestamp:\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}
// E.g. 2015/01/31 15:50:45
timestamp:\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}
// E.g. 15/01/31 15:50:45
timestamp:\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}
// E.g. 150131 9:50:45
timestamp:\d{2}\d{2}\d{2} [ 0-9]{2}:\d{2}:\d{2}
// E.g. 01 Jan 2016 15:50:17,085
timestamp:\d{2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2},\d{3}
// E.g. Jan 01, 2016 3:50:17 PM
timestamp:[A-Z][a-z]{2} \d{2}, \d{4} [ 0-9]{2}:\d{2}:\d{2} [AP]M
// E.g. January 31, 2015 15:50
timestamp:[A-Z][a-z]+ \d{2}, \d{4} \d{2}:\d{2}
// E.g. E [31/Jan/2015:15:50:45
// E.g. localhost - - [01/Jan/2016:15:50:17
// E.g. 192.168.4.5 - - [01/Jan/2016:15:50:17
timestamp:\[\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2}
// E.g. 192.168.4.5 - - [01/01/2016:15:50:17
timestamp:\[\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}
// E.g. ERROR: apport (pid 4557) Sun Jan 1 15:50:45 2015
timestamp:[A-Z][a-z]{2} [A-Z][a-z]{2} [ 0-9]{2} \d{2}:\d{2}:\d{2} \d{4}
// E.g. <<<2016-11-10 03:02:29:936
timestamp:<<<\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}:\d{3}
// E.g. Jan 21 11:56:42
timestamp:[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}
// E.g. 01-21 11:56:42.392
timestamp:\d{2}\-\d{2} \d{2}:\d{2}:\d{2}.\d{3}
// E.g. 2016-05-08 11:34:04.083464
timestamp:\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}.\d{6}
// Delimiters
delimiters: \t\r\n:,!;%
// First set of variables
int:\-{0,1}[0-9]+
double:\-{0,1}[0-9]+\.[0-9]+
// Second set of variables
hex:[a-fA-F]+
hasNumber:.*\d.*
equals:.*=.*[a-zA-Z0-9].*
// Log Level
loglevel:(INFO)|(DEBUG)|(WARN)|(ERROR)|(TRACE)|(FATAL)