Add a new pattern into grok for Chinese style timestamp

[waitspring]

logstash-patterns-core/patterns/ecs-v1/grok-patterns

Line 71 in f01f3f3

TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?

Can we add a new pattern into grok for Chinese style timestamp, like 2022-02-22 22:20:20.222.

New pattern maybe named TIMESTAMP_CN, like:

TIMESTAMP_CN %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}\.\d{3}

This timestamp style is very popular in China.
Without the TIMESTAMP_CN, we have to write grok pattern like:

grok {
    match => {
        "message" => [
            "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}\.\d{3}) %{LOGLEVEL:level} \[%{DATA:feature}\] (?<body>.*$)",
            "(?<body>.*$)"
        ]
    }
}

It is too bother!

[waitspring]

@jsvd What do you think about it?

[jsvd]

@waitspring ++ on adding it, can you open a PR with the new pattern, and a simple test in the core_spec.rb file, something like:

describe "TIMESTAMP_CN" do
  let(:value) { '2022-02-22 22:20:20.222' }

  it "matches a Chinese style timestamp format" do
    expect(grok_match(subject, value)).to pass
  end
end