Grok patterns for timestamp

Question

Is there a grok pattern to extract the timestamp and date out of this string.

21:11:51:569/UTC(11/5/2015)

?

I am able to use the grok patterns DATE_US and TIME separately. But not together (ie)

The below patterns work.

%{TIME:time} -- 21:11:51:569/UTC
%{DATE_US:date} -- (11/5/2015)

However the complete string 21:11:51:569/UTC(11/5/2015) is not evaluating with %{TIME:time}|%{DATE_US:date}

Answer 1

I think you asked about 6 questions; we'll see if I get them all...

1. There is no build-in pattern that will match your datetime format.
2. %{TIME} will match your "21:11:51:569" (though I can't imagine wanting "51:569" for "seconds").
3. %{TIME} will not match your timezone info.
4. %{DATE_US} will match your "11/5/2015".
5. Saying "foo|bar" in a regular expression is intended to match "foo" OR "bar". Your pattern of "%{TIME}|%{DATE}" matches the time, then stops.
6. A pattern like this will match both pieces: %{TIME}/UTC\(%{DATE_US}\)
7. Use can use the %{TZ} pattern to match the timezone.

So, with all that, try:

%{TIME:time}/%{TZ:tz}\(%{DATE_US:date}\)