Grok regular expression support in Filebeats

ramon_garcia · December 8, 2017, 5:13pm

Hello,

I have developed Grok expression support in Beats.

You can get the code from https://github.com/ramon-garcia/beats/tree/extend-processors/ (branch extended-processors). You can see the documentation here https://github.com/ramon-garcia/beats/blob/extend-processors/libbeat/docs/processors-using.asciidoc#grok

I offered a pull request to Beats, but the development team disagrees about client side processing. The prefer everything processed in the server side.

Anyway, if you want to process your logs in the client side, you can look at my code (grok.go and grok_test.go) My experience is that writting Beats processing modules is simple. I encourage you to do so.

andrewkroh · December 8, 2017, 5:27pm

Maybe you could turn it into a plugin like I did with this beats-processor-fingerprint. The only tricky thing at the current time with Go plugins is that they need to be compiled against the same source as the Beat and with the same Go version.

ramon_garcia · December 8, 2017, 5:49pm

Thank you very much!! Didn't know that this was possible.

system · December 29, 2017, 5:13pm

This topic was automatically closed after 21 days. New replies are no longer allowed.