Grok regular expression support in Filebeats

ramon_garcia · December 8, 2017, 5:13pm

Hello,

I have developed Grok expression support in Beats.

You can get the code from https://github.com/ramon-garcia/beats/tree/extend-processors/ (branch extended-processors). You can see the documentation here https://github.com/ramon-garcia/beats/blob/extend-processors/libbeat/docs/processors-using.asciidoc#grok

I offered a pull request to Beats, but the development team disagrees about client side processing. The prefer everything processed in the server side.

Anyway, if you want to process your logs in the client side, you can look at my code (grok.go and grok_test.go) My experience is that writting Beats processing modules is simple. I encourage you to do so.

andrewkroh · December 8, 2017, 5:27pm

Maybe you could turn it into a plugin like I did with this beats-processor-fingerprint. The only tricky thing at the current time with Go plugins is that they need to be compiled against the same source as the Beat and with the same Go version.

ramon_garcia · December 8, 2017, 5:49pm

Thank you very much!! Didn't know that this was possible.

system · December 29, 2017, 5:13pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Beats Native Grok Processor Beats filebeat	1	375	July 19, 2023
Grok in filebeat? Beats filebeat	8	30772	December 27, 2016
Filebeat include_lines performance v.s. grep Beats filebeat	2	1662	November 9, 2018
Processing Custom Log Input from Filebeat in Logstash Logstash	4	795	April 1, 2019
How to update filebeat grok filter Beats filebeat	4	910	July 13, 2019

Grok regular expression support in Filebeats

Related topics