Highlighted
muratekren Super Contributor.
Super Contributor.
372 views

flexagent date time token problem

hi everybody

so i've a log file that starts with a date time and continues, the rest is ok but the date time part is a bit problematic. one log line is something like that

Jun  6 04:04:19 etc etc etc

I created a regex and tokenize the date and time fileds

regex=((\\S+)\\s+(\\d{1,2})\\s(\\d\\d\:\\d\\d\:\\d\\d))  ..................

token0=date-time

token.type=Date

token.format=MMM dd HH:mm:ss

and event.deviceRecepientTime=date-time

when i tested the flexagent with regex tool i receive an error due to date-time field format.

FATAL EXCEPTION:
Exception setting event values, please verify that the data type for [Date-Time]
type [class java.lang.String] and value [Sun Jun 06 04:04:19 EEST 2010] matches
the data type of [deviceReceiptTime(DateTime)] (java.util.Date cannot be cast t
o java.lang.Number)

Do anybody has a clue how to deal with this ???

Labels (2)
Tags (4)
0 Likes
Reply
3 Replies
gportnoy1
New Member.

Re: flexagent date time token problem

try this:

token[0].name=date-time

token[0].type=TimeStamp

token[0].format=MMM dd HH:mm:ss

0 Likes
Reply
muratekren Super Contributor.
Super Contributor.

Re: flexagent date time token problem

hi gary thanks for your quick reply , i found the same date time syntax and a sample regex in the flexagent dev guide's under sub-messages section 🙂 By the way do you know why are all the regex samples in dev guide are all single slash and the actually working regex that the flexagent uses are double slash ???

0 Likes
Reply
gportnoy1
New Member.

Re: flexagent date time token problem

That's just one of those things you have to accept and get used to. The regex backslash and a few other characters have to be escaped with a slash. If you use ArcSights regex tool (bin\arcsight regex), it'll automatically insert the second set of slashes for you.
0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.