From 7196a7932edcc1564e896141dcbc99daab2dcdc8 Mon Sep 17 00:00:00 2001
From: Austin
Date: Mon, 30 Oct 2017 17:08:54 -0500
Subject: [PATCH 1/2] Updates the grok patterns to be consistent with the logstash grok patterns for already existing patterns.
https://github.com/logstash-plugins/logstash-patterns-core/commit/02fc1c47e094cbbe3e482754cda95088827da327#diff-5d5996f507c4a9e3bcc205235e2a3ecc
https://github.com/logstash-plugins/logstash-patterns-core/commit/68ee6fdb4ab50280cb97605d1287fed2f50fa234#diff-5d5996f507c4a9e3bcc205235e2a3ecc
https://github.com/logstash-plugins/logstash-patterns-core/commit/939210be0635200ee44418f9af55de254a1ddeb3#diff-5d5996f507c4a9e3bcc205235e2a3ecc
https://github.com/logstash-plugins/logstash-patterns-core/commit/3bb6563facc41a1278aa6a9b86a0610dd3e62fe0#diff-5d5996f507c4a9e3bcc205235e2a3ecc
https://github.com/logstash-plugins/logstash-patterns-core/commit/ad4947d6b7aab0f217bd82cdcc82c47ea42f743e#diff-5d5996f507c4a9e3bcc205235e2a3ecc
---
 .../src/main/resources/patterns/grok-patterns | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/ingest-common/src/main/resources/patterns/grok-patterns b/modules/ingest-common/src/main/resources/patterns/grok-patterns
index 6351a7710164e..d61ba63e393a6 100644
--- a/modules/ingest-common/src/main/resources/patterns/grok-patterns
+++ b/modules/ingest-common/src/main/resources/patterns/grok-patterns
@@ -33,21 +33,21 @@ HOSTPORT %{IPORHOST}:%{POSINT}
 # paths
 PATH (?:%{UNIXPATH}|%{WINPATH})
-UNIXPATH (/([\w_%!$@:.,~-]+|\\.)*)+
+UNIXPATH (/([\w_%!$@:.,+~-]+|\\.)*)+
 TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
 WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
-URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
+URIPROTO [A-Za-z]([A-Za-z0-9+\-.]+)+
 URIHOST %{IPORHOST}(?::%{POSINT:port})?
 # uripath comes loosely from RFC1738, but mostly from what Firefox
 # doesn't turn into %XX
-URIPATH (?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\-]*)+
+URIPATH (?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\-]*)+
 #URIPARAM \?(?:[A-Za-z0-9]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-9]+(?:=(?:[^&]*))?)?)*)?
 URIPARAM \?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]<>]*
 URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
 URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?
 # Months: January, Feb, 3, 03, 12, December
-MONTH \b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\b
+MONTH \b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b
 MONTHNUM (?:0?[1-9]|1[0-2])
 MONTHNUM2 (?:0[1-9]|1[0-2])
 MONTHDAY (?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])
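Review bot: The new `URIPROTO` line nests one unbounded quantifier inside another, `([A-Za-z0-9+\-.]+)+`, which lets a backtracking regex engine split the same run of scheme characters in very many ways whenever the `://` that follows it in `URI` is missing. These patterns are applied to log lines whose content is frequently supplied by remote clients, so a slow match here can stall an ingest pipeline rather than just fail to parse. The flat form `URIPROTO [A-Za-z][A-Za-z0-9+\-.]+` accepts the same strings; it does diverge from the logstash definition and drops an unnamed capture group, so confirm nothing depends on that group. The neighbouring `UNIXPATH` line keeps a similar nested shape, `(/(...)*)+`, and both would benefit from a regression test that feeds a long non-matching input and bounds the match time.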
@@ -68,10 +68,10 @@ DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}
 ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
 ISO8601_SECOND (?:%{SECOND}|60)
 ISO8601_HOUR (?:2[0123]|[01][0-9])
-TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{ISO8601_HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
+TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
 DATE %{DATE_US}|%{DATE_EU}
 DATESTAMP %{DATE}[- ]%{TIME}
-TZ (?:[PMCE][SD]T|UTC)
+TZ (?:[APMCE][SD]T|UTC)
 DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
 DATESTAMP_RFC2822 %{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}
 DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}
From 29422aa64ad7846d39e0b449eff261d10af48e71 Mon Sep 17 00:00:00 2001
From: Jake Landis
Date: Mon, 4 Feb 2019 19:39:19 -0600
Subject: [PATCH 2/2] preserve ISO8601_HOUR in TIMESTAMP_ISO8601
---
 libs/grok/src/main/resources/patterns/grok-patterns | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/grok/src/main/resources/patterns/grok-patterns b/libs/grok/src/main/resources/patterns/grok-patterns
index d61ba63e393a6..27bf6732790d6 100644
--- a/libs/grok/src/main/resources/patterns/grok-patterns
+++ b/libs/grok/src/main/resources/patterns/grok-patterns
@@ -68,7 +68,7 @@ DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}
 ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
 ISO8601_SECOND (?:%{SECOND}|60)
 ISO8601_HOUR (?:2[0123]|[01][0-9])
-TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
+TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{ISO8601_HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
 DATE %{DATE_US}|%{DATE_EU}
 DATESTAMP %{DATE}[- ]%{TIME}
 TZ (?:[APMCE][SD]T|UTC)
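Review bot: Nothing next to `TIMESTAMP_ISO8601` records that `%{ISO8601_HOUR}` is kept on purpose in patch 2/2, so a later sync with logstash-patterns-core, like the one in patch 1/2 of this series, could swap `%{HOUR}` back in unnoticed. `ISO8601_HOUR` as shown requires exactly two digits, which matters because the `:?` separators around it are optional; `HOUR` is defined outside these hunks and is presumably looser (confirm). A comment line above the definition would do, for example `# Keep ISO8601_HOUR (two-digit hour): deliberate difference from logstash-patterns-core`, ideally backed by a test that pins a timestamp written without separators. Timestamp extraction drives event ordering in log analysis, so silent drift in this pattern is worth guarding against.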