feat(parser): improve timestamp parsing for multiple formats

vinnytherobot · claude · vinnytherobot · commit 8f43040bc4cc · 2026-04-05T10:24:12.000-03:00
Add support for:
- ISO 8601 with various timezone formats
- Common Log Format (Apache)
- Syslog-style timestamps
- Unix timestamps

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/logscope/parser.py b/logscope/parser.py
@@ -13,9 +13,26 @@
     r'\b(TRACE|DEBUG|INFO|NOTICE|WARN|WARNING|ERROR|ERR|CRITICAL|ALERT|FATAL|EMERGENCY)\b',
     re.IGNORECASE
 )
-_TIMESTAMP_PATTERN = re.compile(
-    r'(\d{4}-\d{2}-\d{2}[T\s]\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?)'
-)
+
+# Multiple timestamp patterns for different log formats
+_TIMESTAMP_PATTERNS = [
+    # ISO 8601: 2026-03-21T10:00:00Z or 2026-03-21T10:00:00.123Z or 2026-03-21T10:00:00+00:00
+    re.compile(r'(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?)'),
+    # ISO-like with space: 2026-03-21 10:00:00 or 2026-03-21 10:00:00.123
+    re.compile(r'(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?)'),
+    # Common Log Format / Apache: 21/Mar/2026:10:00:00 +0000 or [21/Mar/2026:10:00:00 +0000]
+    re.compile(r'(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2}(?:\s+[+-]\d{4})?)'),
+    # Syslog-style: Mar 21 10:00:00 (year is assumed current year)
+    re.compile(r'([A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})'),
+    # Unix timestamp: 1711054800 (10 digits for seconds)
+    re.compile(r'\b(\d{10})\b'),
+]
+
+# Month name mapping for parsing
+_MONTH_MAP = {
+    'Jan': 1, 'Feb': 2, 'Mar': 3, 'Apr': 4, 'May': 5, 'Jun': 6,
+    'Jul': 7, 'Aug': 8, 'Sep': 9, 'Oct': 10, 'Nov': 11, 'Dec': 12
+}
 
 @dataclass
 class LogEntry:
@@ -135,11 +152,37 @@ def parse_line(line: str) -> LogEntry:
     return LogEntry(level="UNKNOWN", message=line, raw=line, timestamp=extract_timestamp(line))
 
 def extract_timestamp(text: str) -> Optional[datetime]:
-    """Helper to extract a timestamp from a raw string using regex."""
-    match = _TIMESTAMP_PATTERN.search(text)
-    if match:
-        try:
-            return datetime.fromisoformat(match.group(1).replace('Z', '+00:00'))
-        except ValueError:
-            return None
+    """Extract a timestamp from a raw string using multiple format patterns."""
+    for pattern in _TIMESTAMP_PATTERNS:
+        match = pattern.search(text)
+        if match:
+            ts_str = match.group(1)
+            try:
+                # Try ISO format first (handles most cases)
+                if '-' in ts_str and ('T' in ts_str or ' ' in ts_str[:10]):
+                    # Handle ISO-like with space instead of T
+                    return datetime.fromisoformat(ts_str.replace('Z', '+00:00').replace(' ', 'T'))
+                # Handle Common Log Format: 21/Mar/2026:10:00:00 +0000
+                elif '/' in ts_str:
+                    parts = ts_str.split()
+                    main_part = parts[0]
+                    # Parse: DD/Mon/YYYY:HH:MM:SS
+                    match_parts = re.match(r'(\d{2})/([A-Za-z]{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2})', main_part)
+                    if match_parts:
+                        day, month_str, year, hour, minute, second = match_parts.groups()
+                        month = _MONTH_MAP.get(month_str, 1)
+                        return datetime(int(year), month, int(day), int(hour), int(minute), int(second))
+                # Handle Syslog-style: Mar 21 10:00:00
+                elif ts_str[0].isalpha():
+                    match_parts = re.match(r'([A-Za-z]{3})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})', ts_str)
+                    if match_parts:
+                        month_str, day, hour, minute, second = match_parts.groups()
+                        month = _MONTH_MAP.get(month_str, 1)
+                        year = datetime.now().year  # Assume current year
+                        return datetime(year, month, int(day), int(hour), int(minute), int(second))
+                # Handle Unix timestamp
+                elif ts_str.isdigit():
+                    return datetime.fromtimestamp(int(ts_str))
+            except (ValueError, OSError):
+                continue
     return None
diff --git a/tests/test_time.py b/tests/test_time.py
@@ -1,5 +1,5 @@
 from datetime import datetime
-from logscope.parser import parse_line
+from logscope.parser import parse_line, extract_timestamp
 from logscope.cli import parse_relative_time
 
 def test_parse_iso_timestamp():
@@ -31,3 +31,81 @@ def test_relative_time_days():
     assert parsed is not None
     diff = now - parsed
     assert 1.9 < diff.total_seconds() / 86400 < 2.1
+
+
+def test_extract_iso_with_space():
+    """Test ISO-like timestamp with space separator."""
+    ts = extract_timestamp("2026-03-21 10:00:00 INFO message")
+    assert ts is not None
+    assert ts.year == 2026
+    assert ts.month == 3
+    assert ts.day == 21
+    assert ts.hour == 10
+
+
+def test_extract_iso_with_milliseconds():
+    """Test ISO timestamp with milliseconds."""
+    ts = extract_timestamp("2026-03-21T10:00:00.123Z INFO message")
+    assert ts is not None
+    assert ts.year == 2026
+    assert ts.microsecond == 123000
+
+
+def test_extract_iso_with_timezone():
+    """Test ISO timestamp with timezone offset."""
+    ts = extract_timestamp("2026-03-21T10:00:00+00:00 INFO message")
+    assert ts is not None
+    assert ts.year == 2026
+
+
+def test_extract_common_log_format():
+    """Test Apache/nginx common log format."""
+    ts = extract_timestamp("21/Mar/2026:10:00:00 +0000 INFO message")
+    assert ts is not None
+    assert ts.year == 2026
+    assert ts.month == 3
+    assert ts.day == 21
+    assert ts.hour == 10
+
+
+def test_extract_common_log_format_bracketed():
+    """Test Apache/nginx common log format in brackets."""
+    ts = extract_timestamp("[21/Mar/2026:10:00:00 +0000] INFO message")
+    assert ts is not None
+    assert ts.year == 2026
+    assert ts.month == 3
+    assert ts.day == 21
+
+
+def test_extract_syslog_format():
+    """Test syslog-style timestamp."""
+    ts = extract_timestamp("Mar 21 10:00:00 hostname process[123]: message")
+    assert ts is not None
+    assert ts.month == 3
+    assert ts.day == 21
+    assert ts.hour == 10
+    assert ts.minute == 0
+    assert ts.second == 0
+
+
+def test_extract_unix_timestamp():
+    """Test Unix timestamp (seconds since epoch)."""
+    # 2026-03-21 10:00:00 UTC as Unix timestamp
+    ts = extract_timestamp("1711018800 INFO message")
+    assert ts is not None
+    # Just verify it's a valid datetime, exact values depend on timezone
+    assert ts.year in (2026, 2025)  # May vary by timezone
+
+
+def test_extract_timestamp_none():
+    """Test that no timestamp returns None."""
+    ts = extract_timestamp("This is just a plain message with no timestamp")
+    assert ts is None
+
+
+def test_parse_line_with_common_log_format():
+    """Test that parse_line extracts timestamp from common log format."""
+    log = '[INFO] 21/Mar/2026:10:00:00 +0000 Test message'
+    entry = parse_line(log)
+    assert entry.timestamp is not None
+    assert entry.timestamp.month == 3
