Use Logstash's grok plugin to match a log line in the following format:
2018-04-17 23:42:10.335 INFO [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
with the expression:
%{DATA:day} %{DATA:time} %{DATA:level} \[%{DATA:thread}\] %{DATA:className} \: %{GREEDYDATA:msg}
The matching result is:
{ "day": [ [ "2018-04-17" ] ], "time": [ [ "23:42:10.335" ] ], "level": [ [ " INFO 7304 ---" ] ], "thread": [ [ "main" ] ], "className": [ [ "s.b.c.e.t.TomcatEmbeddedServletContainer" ] ], "msg": [ [ "Tomcat initialized with port(s): 8080" ] ] }
It can be seen that the time is split into two fields, and the official expression does not match the Chinese time, so I wondered whether I could customize the regular expression, and finally found a way. Here is my improved expression:
(?<fullTime>\S{10} \S{12}) %{DATA:level} \[%{DATA:thread}\] %{DATA:className} \: %{GREEDYDATA:msg}
In the result, the time field is parsed perfectly:
{ "fullTime": [ [ "2018-04-17 23:42:10.335" ] ], "level": [ [ " INFO" ] ], "thread": [ [ "main" ] ], "className": [ [ "s.b.c.e.t.TomcatEmbeddedServletContainer" ] ], "msg": [ [ "Tomcat initialized with port(s): 8080" ] ] }
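The two expressions above can be compared offline with a small grok emulator. This is an added example in Python, not code from the original post: it approximates grok by expanding DATA and GREEDYDATA to their stock regex definitions, and the STRICT pattern and the malformed line are assumptions constructed here to show that \S{10} \S{12} checks only field widths, not that the field is a timestamp.

```python
import re

# Stock grok definitions for the only two library patterns this page uses.
GROK = {"DATA": r".*?", "GREEDYDATA": r".*"}

def grok_to_regex(expr):
    """Translate a grok expression into a compiled Python regex (approximation)."""
    # %{PATTERN:field} -> (?P<field>definition)
    expr = re.sub(r"%\{(\w+):(\w+)\}",
                  lambda m: "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)]), expr)
    # Oniguruma inline capture (?<field>...) -> Python (?P<field>...)
    return re.compile(re.sub(r"\(\?<(\w+)>", r"(?P<\1>", expr))

def grok_match(expr, line):
    """Return the captured fields, or None (Logstash would tag _grokparsefailure)."""
    m = grok_to_regex(expr).search(line)  # grok is unanchored, like search()
    return m.groupdict() if m else None

TAIL = r" %{DATA:level} \[%{DATA:thread}\] %{DATA:className} \: %{GREEDYDATA:msg}"
ORIGINAL = "%{DATA:day} %{DATA:time}" + TAIL          # expression from the page
IMPROVED = r"(?<fullTime>\S{10} \S{12})" + TAIL       # expression from the page
# Assumption (not from the page): anchored, digits-only variant of the capture.
STRICT = r"^(?<fullTime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})" + TAIL

# Sample line as printed on the page.
LINE = ("2018-04-17 23:42:10.335 INFO [main] "
        "s.b.c.e.t.TomcatEmbeddedServletContainer : "
        "Tomcat initialized with port(s): 8080 (http)")
# Constructed malformed line: correct field widths, but not a timestamp.
BAD = "x" * 10 + " " + "y" * 12 + " INFO [main] c.Foo : not a timestamp"

if __name__ == "__main__":
    for name, expr in (("original", ORIGINAL), ("improved", IMPROVED),
                       ("strict", STRICT)):
        print(name, "->", grok_match(expr, LINE))
        print(name, "on malformed line ->", grok_match(expr, BAD))
```

A line the strict pattern rejects returns None here; in Logstash the event would be tagged _grokparsefailure instead of carrying a junk fullTime into the index.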