What is the best workflow when developing Grok filters?
    $ docker run -it --rm logstash --version
    logstash 5.4.0
    $ docker run -it --rm --entrypoint logstash-plugin logstash list --verbose logstash-patterns-core
    logstash-patterns-core (4.0.2)
Are there some other tools - ideally official ones from elastic.co?
My current workflow is as follows:
- run logstash
- wait for logstash to start
- wait for logstash to process an example file
- look for "_grokparsefailure"
- edit grok filter match
- stop logstash