Sorting by date, missing days

Peter's Avatar

Peter

10 May, 2017 12:31 PM

I'm using PimpMyLog to display mail.log (postfix) entries. This works well, besides the fact that the sorting breaks after day 9. Double digits are not displayed. I obviously have done something wrong, but this has be busy for a few hours now:

Log output example of 2 lines:
May 9 22:59:52 someserver01 postfix/qmgr[1143]: BEE848265B: removed
May 10 06:25:24 someserver01 postfix/pickup[21150]: 2F0C781B0D: uid=0 from=<root>

Please notice the single digit for day 9 and double for day 10. This is not withing the standards of date notation, since it expects 09 and 10.

I use this config (snippet);
               "server7": {
                        "display" : "Mail Logging",
                        "path" : "\/var\/log\/mail.log",
                        "refresh" : 5,
                        "max" : 10,
                        "notify" : true,
                        "format" : {
                                "regex" : "|(.*?) (.*?) (.*?) (.*?) (.*?): (.*?): (.*?)$|U",
                                "export_title" : "URL",
                                "match" : {
"Day" : [1,2],
"Time" : 3,
"Server" : 4,
"Process" : 5,
"PID" : 6,
"Message" : 7
                                },
                                "types": {
"Day" : "date:M:d",
"Time" : "date:H:i:s",
"Server" : "txt",
"Process" : "txt",
"PID" : "numeral",
"Message" : "txt"
                                }
                        }
                }

What i do here is merge the Month (May) and the day (9 or 10) and combine them to a new value. This somehow works for the debugger and is excepted. An additional 0 is inserted if the day is a single digit.

Now here is the problem: When viewing the log, only entries up until day 9 are shown. Day 10 never appears, even when i 'load more' or show all ~70 entries using the 'view 100 logs' pull down. They are not visible.

What have i done wrong? And better, what an i do to resolve this?

With kind regards,

Peter

  1. 1 Posted by Peter on 10 May, 2017 12:46 PM

    Peter's Avatar

    Why is it that when you ask for help, you will almost immediately find an solution. This article gave it away:

    http://support.pimpmylog.com/kb/softwares/syslog-ng

    It also uses a log with a freestanding day field. But he uses a more specific regex. If i apply his method, my regex would look like:

                                    "regex" : "|(.*?) ([0-9]{1,2}) (.*?) (.*?) (.*?): (.*?): (.*?)$|U",

    Leaving the rest as is, it works!

    Sorry to for the noise. Maybe someone else may find it useful.

    With kind regards,

    Peter

  2. Support Staff 2 Posted by potsky on 10 May, 2017 01:10 PM

    potsky's Avatar

    ;-)

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac