search

jtmoon79 / super-speedy-syslog-searcher

Speedily search and merge log messages by datetime
MIT License
45 stars 2 forks source link

precise support for datetime format from docker text field style `time="2022-10-09T21:33:15.541012931Z"` #286

Open jtmoon79 opened 6 months ago

jtmoon79 commented 6 months ago

Add precise support this ad-hoc format found in docker logs, i.e. a more precise Regex.

Taken from these Rancher OS docker logs, like file dockerlaunch.log

time="2022-10-09T21:33:15.541012931Z" level=info msg="Starting up"
time="2022-10-09T21:33:15.547531433Z" level=info msg="libcontainerd: started new containerd process" pid=1178

This is very similar to the JSONL format "datetime": "2022-10-09T21:33:15.541012931Z" support implemented in 75d48b0ea51d6cc73085bd253d1abd7989a3a059.

To be clear, this format is already supported and will be parsed (hence Issue Label P2). However, 131 of the regular expressions are compiled to find this, as shown in this --summary output

$ s4 --summary ./logs/RancherOS-1.5.8/dockerlaunch.log
time="2022-10-09T21:33:15.541012931Z" level=info msg="Starting up"
...

File: ./logs/RancherOS-1.5.8/dockerlaunch.log
...
Program Summary:
...
Regex patterns        : 153
Regex compiled        : 131

The regular expression pattern used is generic. Prefer a more precise pattern for the popular Docker service.