Search code examples
javasqlepochgrok

Convert time from Apache Log to Epoch time

Edit: Working solution. Original question below.

private Timestamp extractTimestamp(Object timestamp) {
    try {
        return Timestamp.from(Instant.ofEpochMilli(Long.valueOf(String.valueOf(timestamp))));
    } catch(NumberFormatException e) {
        System.out.println("Not in Epoch format");
    }
    try {
        return Timestamp.from(Instant.parse(String.valueOf(timestamp)));
    } catch(DateTimeParseException e) {
        System.out.println("Not in UTC format");
    }
    try {
        return Timestamp.valueOf(String.valueOf(timestamp));
    } catch(IllegalArgumentException e) {
        System.out.println("Not in SQL format");
    }
    try {               
        SimpleDateFormat formatter = new SimpleDateFormat("dd/MMM/yyyy:hh:mm:ss Z");
        Date date = formatter.parse(String.valueOf(timestamp));
        return Timestamp.from(Instant.ofEpochMilli(date.getTime()));
    } catch(ParseException e) {
        System.out.println("Not in Apache Log format");
    }
    // Return current time if none found
    return Timestamp.from(Instant.now());
}

I am attempting to parse the timestamp from an Apache access log and turn it into an Epoch timestamp or an SQL timestamp. I already have code in place to convert from epoch to the SQL timestamp for other formats so my main concern is to get to Epoch format or any other easily convertable format. I am currently using a Grok pattern for it however I am looking for a more efficient way of extracting the time.

Below is a sample of the log and timestamp I am pulling and my current code:

127.0.0.1 127.0.0.1 - - [04/Nov/2016:08:00:02 -0400] "GET /loc/ation" 200 163 "-" "-" 26 163 37526

04/Nov/2016:08:00:02 -0400

private Timestamp extractTimestamp(Object timestamp) {
  try {
    return Timestamp.from(Instant.ofEpochMilli(Long.valueOf(String.valueOf(timestamp))));
  } catch(NumberFormatException e) {
    System.out.println("Not in Epoch format");
  }
  try {
    return Timestamp.from(Instant.parse(String.valueOf(timestamp)));
  } catch(DateTimeParseException e) {
    System.out.println("Not in UTC format");
  }
  try {
    return Timestamp.valueOf(String.valueOf(timestamp));
  } catch(IllegalArgumentException e) {
    System.out.println("Not in SQL Time format");
  }
  try {
    // Sample timestamp: 04/Nov/2016:08:00:02 -0400
    String apacheLogExpression = "%{NUMBER:day}/%{WORD:month}/%{NUMBER:year}:%{NUMBER:hour}:%{NUMBER:minute}:%{NUMBER:second}\\s%{GREEDYDATA:offset}";
    Grok compiledPattern = dictionary.compileExpression(apacheLogExpression);
    Map<String, String> values = compiledPattern.extractNamedGroups(String.valueOf(timestamp));
    System.out.println(values);
  } catch(Exception e) {
    System.out.println("Not in Apache Log format");
    e.printStackTrace();
  }
  // Return current time if none found
  return Timestamp.from(Instant.now());
}

Thanks in advance for any help!

Solution 
  •     String logTime = "04/Nov/2016:08:00:02 -0400";
    SimpleDateFormat formatter = new SimpleDateFormat("dd/MMM/yyyy:hh:mm:ss Z");
    Date date = formatter.parse(logTime);
    System.out.println(date);

    Will print Fri Nov 04 14:00:02 EET 2016 and basically get java.util.Date object