Hello everyone.
I am looking into adding a Grok processor to Beats/Filebeat as requested in [Filebeat] Add grok Processor as native beat/filebeat processor · Issue #30073 · elastic/beats · GitHub. Our team has already created such a processor, but it is very minimalistic and will likely need to be rewritten. I am getting started writing a new Grok processor that better follows the code quality guidelines used by Elastic and the Beats ecosystem.
Prior to doing so, I wanted to reach out here (as recommended in the contributor guidelines) to see if you had any recommendations for how to approach this or if there are any known gotchas.
One question I had is whether or not you are familiar with any actively maintained Grok golang packages. We are using GitHub - vjeantet/grok: simple library to use/parse grok patterns with go (100%) in our custom processor, but that repo has not been updated for nearly 3 years. If not, would it be wise to use that Grok package? Or would you rather have an in-house Grok parser?
I'm looking forward to hearing from you and hopefully making my first Elastic contribution!