Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to auto-sort match options by frequency of match #137

Open
robin13 opened this issue Mar 8, 2018 · 1 comment
Open

Ability to auto-sort match options by frequency of match #137

robin13 opened this issue Mar 8, 2018 · 1 comment
Assignees
@guyboertje
Labels
discuss enhancement

Comments

@robin13
Copy link
Contributor

robin13 commented Mar 8, 2018

A typical multi-match might look like this:

grok {
  match => { "message" => [ "%{MY_PATTERN:foo}", "%{OTHER_PATTERN:bar" ] }
}

Currently the array of matches is processed in order. Often this is good and necessary (if the patterns are a sequence of matches going from most specific to most generic), but for the case where it is simply different patterns for different strings, it would be useful if the grok filter could count the times each pattern is matched, and auto-reorder the patterns in order of the frequency they are matched and so optimise the efficiency of the grok filter.
@jsvd
Copy link
Contributor

jsvd commented Mar 8, 2018
edited

  1. I believe first we can implement capturing of metrics per grok match
  2. from there we could expose an option to automatically reorganize the patterns. However this cannot be done always and by default as it can change the semantics especially with break_on_match

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@guyboertje guyboertje

Labels
discuss enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsvd @guyboertje @robin13