List of Definers

Definers are built-in, customized regular expressions used to extract information from log messages during normalization. The following is a list of the system-defined definers, each followed by example values it matches.

int
    123

float
    12.3

int_float
    123
    12.3

word
    Deny

words
    Connection Denied

quoted
    "Tear-down Connection"

string
    Random string

nonwhitespace
    no-whitespace

ipv4
    192.168.2.222

ipv6
    2001:0db8:85a3:0000:0000:8a2e:0370:7334
    fe80:0:0:0:202:b3ff:fe1e:8329
    fe80::202:b3ff:fe1e:8329
    ::1

ip
    2001:0db8:85a3:0000:0000:8a2e:0370:7334
    192.168.2.222

port
    84000

ip_port
    [ipv6]:int, for example [fe80::202:b3ff:fe1e:8329]:8000
    ipv4:int, for example 192.168.2.222:514

timestamp
    1654575494

date
    2009/12/31
    2009 12 31
    2009-12-31

time
    23:59:59

datetime
    From LogPoint version 5.5.0, the way the date and time extracted by the datetime definer are adjusted has changed:

      • Case 1: the log message carries no time zone offset. LogPoint adjusts the extracted date and time using the time zone of the device that generated the log and stores the result as a Unix timestamp.

      • Case 2: the log message carries a time zone offset. LogPoint adjusts the extracted date and time using that offset and stores the result as a Unix timestamp.

    Fri Apr 1 16:32:22 2016
    Oct 23 17:03:55 2008 GMT
    Aug 13 22:25:29 2015

datetime_d
    11-30-2015T08:15:30-05:00
    07-27-2015T19:20:30.45+01:00
    11/30/2012 18:37:26
    8/31/2011 07:50:41.600
    01-19-2015 15:20:20 UTC
    Fri 05-11-2014T08:15:30+05:00

datetime_m
    2009/12/31 23:59:59
    2014-11-05T08:15:30-05:00
    05-11-2014T08:15:30+05:00
    2014-07-16T19:20:30.45+01:00
    27-07-2015T19:20:30.45+01:00
    2014-11-05T13:15:30Z
    20-11-2015T13:15:30Z
    2015-01-19 15:20:20 UTC

jdatetime
    2000/00100:00:00.000
    2009/365 23:59:59.999999
    2009.365 23.59.59:999999
    2014/197/10.30.57.45

ne_date
    30.01.2022
    30.1.2022
    30.Jan.2022

ne_datetime
    30.1.2022 10:00:00
    30.01.2022 10:00:00
    30.Jan.2022

mac_address
    38:f9:d3:53:54:9a
    02:42:a3:e9:76:7b
    9A-FF-aF-AA-bB-cD
    8-Ab:c9-fE-9D:11

duration
    34:59:59 sec

syslog_time
    Dec 3 13:30:12

uri
    http://www.wikipedia.org/
    file:///home/username/RomeoAndJuliet.pdf
    relative/path/to/resource.txt
    resource.txt

email
    yourname@yourdomain.com

all
    Non-greedy (".*?"): captures the least content possible and does not work without a limiter.

all_max
    Greedy (".*"): captures all content from where it begins to the end.

xml
    <id>2</id>
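To make the two datetime cases concrete, the following is an added Python example (not LogPoint's own code) that emulates the rule: an offset carried in the message wins, otherwise the device's time zone applies, and the result is stored as a Unix timestamp. The device zone (a fixed UTC+05:45 offset) and the set of accepted formats, taken from the datetime and datetime_m examples above, are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Trailing zone markers from the page's examples: "Z", "UTC" and "GMT" are an
# explicit zero offset; "+05:00"-style suffixes carry their own offset.
_ZONE_RE = re.compile(r"\s*(Z|UTC|GMT|[+-]\d{2}:?\d{2})$")

# strptime formats for the page's datetime / datetime_m examples, zone removed.
_FORMATS = (
    "%a %b %d %H:%M:%S %Y",   # Fri Apr 1 16:32:22 2016
    "%b %d %H:%M:%S %Y",      # Oct 23 17:03:55 2008 (GMT stripped)
    "%Y-%m-%dT%H:%M:%S",      # 2014-11-05T08:15:30 (-05:00 stripped)
    "%Y-%m-%dT%H:%M:%S.%f",   # 2014-07-16T19:20:30.45 (+01:00 stripped)
    "%Y-%m-%d %H:%M:%S",      # 2015-01-19 15:20:20 (UTC stripped)
)

# Assumed device time zone (constructed): a fixed UTC+05:45 offset. A real
# deployment would use a DST-aware zone such as zoneinfo.ZoneInfo("...").
DEVICE_TZ = timezone(timedelta(hours=5, minutes=45))


def split_zone(text):
    """Return (zone-less text, tzinfo); tzinfo is None when no offset is present."""
    m = _ZONE_RE.search(text)
    if not m:
        return text, None
    tok = m.group(1)
    if tok in ("Z", "UTC", "GMT"):
        return text[:m.start()], timezone.utc
    digits = tok[1:].replace(":", "")
    offset = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
    return text[:m.start()], timezone(-offset if tok[0] == "-" else offset)


def parse_naive(text):
    """Parse the zone-less part with the first format that fits."""
    for fmt in _FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unsupported datetime: {text!r}")


def to_unix_timestamp(text, device_tz=DEVICE_TZ):
    """Case 2: an offset in the message wins; Case 1: no offset, so the device
    zone applies. Either way the value stored is a Unix timestamp."""
    naive, explicit = split_zone(text)
    aware = parse_naive(naive).replace(tzinfo=explicit or device_tz)
    return int(aware.timestamp())
```

With the assumed device zone, "Fri Apr 1 16:32:22 2016" (case 1) becomes 1459507642, while "Oct 23 17:03:55 2008 GMT" (case 2) becomes 1224781435 regardless of the device zone.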
