My initial experience using angle-grinder

[linaran]

I had a log file with rows that contained various information. The only common info to all of them was the date and the time of the row. My goal was to extract rows between two timestamps.

After reading docs and looking at the tests, this was was my approach:
cat log.txt | agrind '* | parse "[* *: " as date, time [nodrop] | where date=="2021-09-09" | where parseDate(time) >= parseDate("17:00:00") | where parseDate(time) <= parseDate("17:35:00")'

The line will error out with the following message: Error: Failed to parse query
It began erroring when I added [nodrop] trying to get the whole row not just date and time.
Couldn't figure out why this was happening and I had to give up on the tool.

The tool has potential but it still has some quirks and I feel it's geared towards field extraction not necessarily row filtering. It was also unclear that boolean operators wouldn't work with where.

EDIT: Adding a row sample [2021-09-09 06:06:21,967: DEBUG/MainProcess] Rest of the log can vary wildly but you can expect it's one line.

[rcoh]

[nodrop] should not be in [] — in the docs the [/] indicate that the field is optional. I should add an example to clarify that.

And it's worth noting that nodrop means that fields that don't match the parse will be passed through, the _raw field still exists if you want it.

if you send some sample rows I can help you debug further

[linaran]

Ah, that makes sense. Definitely worth pointing out, I think it's easy to make that mistake.
How would I make it print the _raw field after all the filtering?

[rcoh]

ah actually, the best option is to just parse the rest of the message:
parse [* *: */*] * as date, time, level, category, message

I was surprised to find that there isn't an easy way to recover the raw message currently.