grok

package
v0.0.0-...-691b052 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 7, 2018 License: Apache-2.0, Apache-2.0 Imports: 6 Imported by: 0

README

GROK

Synopsys

SETTING TYPE REQUIRED DEFAULT VALUE
break_on_match bool false false
keep_empty_captures bool false false
match hash true {}
named_capture_only bool false false
patterns_dir array false []
tag_on_failure array false []

Details

break_on_match
  • Value type is bool
  • Default value is false

Break on first match. The first successful match by grok will result in the filter being finished. If you want grok to try all patterns (maybe you are parsing different things), then set this to false

keep_empty_captures
  • Value type is bool
  • Default value is false

If true, keep empty captures as event fields

match
  • This is a required setting.
  • Value type is hash
  • Default value is {}

A hash of matches of field ⇒ value @nodefault

For example:

    filter {
      grok { match => { "message" => "Duration: %{NUMBER:duration}" } }
    }

If you need to match multiple patterns against a single field, the value can be an array of patterns

    filter {
      grok { match => { "message" => [ "Duration: %{NUMBER:duration}", "Speed: %{NUMBER:speed}" ] } }
    }
named_capture_only
  • Value type is bool
  • Default value is false

If true, only store named captures from grok.

patterns_dir
  • Value type is array
  • Default value is []

BitFan ships by default with a bunch of patterns, so you don’t necessarily need to define this yourself unless you are adding additional patterns. You can point to multiple pattern directories using this setting Note that Grok will read all files in the directory and assume its a pattern file (including any tilde backup files)

tag_on_failure
  • Value type is array
  • Default value is []

Append values to the tags field when there has been no successful match

Configuration blueprint

grok{
	break_on_match => bool
	keep_empty_captures => bool
	match => {}
	named_capture_only => bool
	patterns_dir => []
	tag_on_failure => []
}

Documentation

Overview

Code generated by "bitfanDoc "; DO NOT EDIT

Index

Constants

View Source
const (
	PORT_SUCCESS = 0
)

Variables

This section is empty.

Functions

func New

func New() processors.Processor

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL