2011-12-01T00:43:51.251871+05:18 Dec 01 2011 00:41:32 KOC-TEJ-AMEX-ASA-5510-6 : %ASA-4-106023: Deny icmp src TCS:172.26.40.1 dst AMEX:172.26.40.187 (type 5, code 0) by access-group "TCS_access_in" [0x953d065b, 0x0]
抽出する必要があります2011-12-01T00:43:51.251871+05:18
私のコード
create view standardLogTime as
extract regex /(\d{4}\-\d{2}\-\d+\w+\:\d{2}\:\d+\.\d+\+\d+\:\d+)/ on D.text as testValue
from Document D;
-標準ログ生成時間を抽出します。
create view standardLogTime as
extract regex /\d{4}(-\d{2}){2}T(\d{2}:){2}\d{2}\.\d+?\+\d{2}:\d{2}/ on D.text as testValue
from Document D;
output view standardLogTime;
-着信リクエストの日付を抽出しています。
create view dateView as
extract regex /(\s+\w+\s\d+\s\d{4})/ on Date.text as testDate from Document Date;
--出力ビューdateView;
-着信要求時間を抽出します。
create view timeView as
extract regex /\s+(\d{1,2}\:\d{1,2}\:\d{1,2})/ on Time.text
as requestTime from Document Time;
--出力ビューtimeView;
-ファイアウォールデバイス名を抽出しています。
create view deviceName as
extract regex /(\w+\-\w+\-\w+\-\w+\-\d+\-\d+)/ on Device.text
as deviceName from Document Device;
--出力ビューdeviceName;
create view combinedView as
extract pattern (<S.testValue>) (<D.testDate>) (<T.requestTime>) (<Div.deviceName>)
return group 0 as logTime and
group 1 as date and
group 2 as time and
group 3 as deviceName
from standardLogTime S,dateView D ,timeView T,deviceName Div;
output view combinedView;*/