grok support matrix?

[synhershko]

What is the feature parity between pygrok and the original logstash grok?

If full, this should be written somehow (and have tests to prove..).

If partial, can you please add a support matrix, so it's clear to users what's supported and what's not, and also so it's easier to contribute back?

[garyelephant]

This is a good idea.

As far as I remember, pygrok and logstash grok are almost the same in functionality exept that pygrok don't have data type conversion.For example:
%{NUMBER:num:int} in logstash grok will convert num to integer in json eventally, but pygrok don't support this kind of syntax.

[synhershko]

I'm doing some work on this area now and will probably need to improve on feature parity and performance. I'm hoping you accept PRs? :)

The patterns folder isn't up to date - I was thinking of using a git submodule to have it point to the official folder at https://github.com/logstash-plugins/logstash-patterns-core instead of duplicating it here like it is now.

As far as the syntax goes - any particular reason data type conversion isn't supported?

[garyelephant]

I just have no enough time to implement data type conversion, feel free to make a pull request.
I have to duplicate the patterns folder because pygrok is managed by pip and logstash-patterns-core is managed by rubygems, so it's not easy to get those default patterns.