[Feature] Convert unix timestamps to human-readable form

zarunbal / LogExpert

Windows tail program and log file analyzer.

Other

953 stars 163 forks source link

[Feature] Convert unix timestamps to human-readable form #139

Open AndisGrossteins opened 5 years ago

AndisGrossteins commented 5 years ago

Use case

Some applications use Unix timestamps in log files. One such project is DNSCrypt/dnscrypt-proxy

For example, a few lines from dnscrypt-proxy query.log:

time:1571594512 host:127.0.0.1  message:detectportal.firefox.com    type:A  return:SERVER_ERROR cached:0    duration:3160   server:doh-crypto-sx
time:1571594512 host:127.0.0.1  message:detectportal.firefox.com    type:A  return:SERVER_ERROR cached:0    duration:3569   server:doh-crypto-sx
time:1571594513 host:127.0.0.1  message:detectportal.firefox.com    type:A  return:SERVER_ERROR cached:0    duration:4441   server:jp.tiarap.org
time:1571594513 host:127.0.0.1  message:detectportal.firefox.com    type:A  return:SERVER_ERROR cached:0    duration:5905   server:jp.tiarap.org

A few questions

Would it be possible to display Unix timestamps using a custom format (%Y-%m-%d %H:%i:%s)? Maybe as a custom columnizer? Or is there a better approach to implement something like this?

zarunbal commented 5 years ago

You could create a custom columnizer which parses unix timestamps and even sort them in columns, like TimeStampColumnizer. Currently there is no better approach to achive this

AndisGrossteins commented 5 years ago

I'll try a stab at writing a custom columnizer with timestamp conversion next weekend. Although, it would be much better to create a line processor interface for similar tasks.

achimmihca commented 2 years ago

create a custom columnizer

I think there should be a differentiation between

columnizer or tokenizer: splits a line into several columns
- Example: RegEx for one number column followed by the rest of the line: (\d+)(.*)
- Other example: Split line at positions 8, 12, 25
column parser or cell parser: parses the content of a column to display it in a certain way
- Example: Interpret a number as Unix timestamp and display this datetime in some format
- Other example: parse a date in a certain format and display it in another format
- Other example: If column text is "ERROR" show a sad smiley, otherwise show a happy smiley.

For naming, one could define a columnizer as combination of one tokenizer and multiple column parsers. The UI should then provide a way to assign column parsers to the columns of a tokenizer (e.g. by column index)