Grok
Grok is a Logstash filter plugin for parsing unstructured data (raw log lines) into structured data (named fields).
It uses regular expressions to match patterns in the input; each %{PATTERN:name} token refers to a named regex from Grok's pattern library.
Inside the grok block there is a match block keyed on message, the field that carries every incoming event's raw data.
The value of message in our filter block is where we define what each piece of the data is called and which pattern it has to match.
In the video's example [reference to later add images], the first token is IP, which matches the first part of the log line (an IP address). The match block has %{IP:c}, so Grok assigns that value to the key c in the structured data at the output. The next token matches a WORD, which we assign to m for method.
Mutate is another filter plugin you are likely to use. It is very versatile because it lets you apply various transformations to event fields (rename, convert types, lowercase, remove fields, and so on). So in this filter block there is a grok filter to extract and name the data correctly, followed by a mutate block that operates on the resulting fields.
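To make the grok-then-mutate flow above concrete, here is an added Python example (not Logstash's own code and not from the video) that reimplements the two steps in miniature: it expands %{PATTERN:name} tokens into named regex groups, runs the resulting regex over a raw message, and then applies a few mutate operations to the fields it produced. The pattern subset, the ACCESS_LINE expression, the field names c, m, path and status, and the sample log lines are all constructed for this example.

```python
import re

# Minimal subset of Grok's built-in pattern library (constructed for this
# example from the regexes' well-known shapes; not copied from Logstash).
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\b\w+\b",
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "URIPATH": r"/[^\s?]*",
    "GREEDYDATA": r".*",
}

# %{PATTERN} or %{PATTERN:field} tokens inside a grok expression.
GROK_TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(expr: str) -> "re.Pattern[str]":
    """Expand a grok expression into one compiled regex.

    %{IP:c} becomes the named group (?P<c>...); a token without a name is
    matched but not captured. Text outside the tokens is passed through as
    regex, as Logstash does, so ^ and $ anchors in the expression work.
    """
    def expand(m: "re.Match[str]") -> str:
        name, field = m.group(1), m.group(2)
        if name not in GROK_PATTERNS:
            raise KeyError(f"unknown grok pattern %{{{name}}}")
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    return re.compile(GROK_TOKEN.sub(expand, expr))


def grok(event: dict, match_expr: str, source: str = "message") -> dict:
    """Equivalent of  grok { match => { "message" => match_expr } }.

    On success the named captures become new fields. On failure the event is
    left unchanged apart from the _grokparsefailure tag, which is what
    Logstash does, so unparsed lines stay visible instead of vanishing.
    """
    out = dict(event)
    # Unanchored search, like Logstash's default; anchor the expression
    # yourself (^ ... $) to avoid partial matches and wasted backtracking.
    m = grok_to_regex(match_expr).search(out[source])
    if m is None:
        out["tags"] = list(event.get("tags", [])) + ["_grokparsefailure"]
        return out
    for field, value in m.groupdict().items():
        if value is not None:
            out[field] = value
    return out


def mutate(event: dict, rename=None, convert=None, lowercase=None,
           remove_field=None) -> dict:
    """A few mutate operations, applied here in the order rename, convert,
    lowercase, remove_field (check the Logstash mutate docs for its own
    fixed execution order before relying on ordering in a real pipeline)."""
    out = dict(event)
    for old, new in (rename or {}).items():
        if old in out:
            out[new] = out.pop(old)
    for field, kind in (convert or {}).items():
        if field in out:
            try:
                out[field] = {"integer": int, "float": float}[kind](out[field])
            except ValueError:
                pass  # assumption: leave a non-convertible value untouched
    for field in lowercase or []:
        if isinstance(out.get(field), str):
            out[field] = out[field].lower()
    for field in remove_field or []:
        out.pop(field, None)
    return out


# Constructed expression for a made-up "ip method path status" line.
ACCESS_LINE = r"^%{IP:c} %{WORD:m} %{URIPATH:path} %{NUMBER:status}$"


def process(message: str) -> dict:
    """The filter { grok {...} mutate {...} } block from the notes, as code.

    Logstash equivalent (constructed):
      filter {
        grok   { match => { "message" => "^%{IP:c} %{WORD:m} %{URIPATH:path} %{NUMBER:status}$" } }
        mutate { rename => { "c" => "client_ip" "m" => "method" }
                 convert => { "status" => "integer" }
                 lowercase => [ "method" ]
                 remove_field => [ "message" ] }
      }
    """
    event = grok({"message": message}, ACCESS_LINE)
    if "_grokparsefailure" in event.get("tags", []):
        return event  # keep the raw message and the tag for later inspection
    return mutate(
        event,
        rename={"c": "client_ip", "m": "method"},
        convert={"status": "integer"},
        lowercase=["method"],
        remove_field=["message"],
    )


if __name__ == "__main__":
    # Constructed sample lines, not real traffic.
    for line in ["10.0.0.5 GET /login 200",
                 "203.0.113.9 POST /api/v1/token 401",
                 "not a request line"]:
        print(process(line))
```

Running it shows the first two lines turned into client_ip/method/path/status fields (status now an integer, method lowercased, the raw message dropped) and the third line passed through untouched with the _grokparsefailure tag. Watching for that tag in the output is the practical check that a new grok expression actually covers the log format, rather than silently matching nothing.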
The Grok Constructor website will help us build and test Grok patterns: