Do not start with grok. Think about using dissect and kv. Here is an example.
grok is massively overused because it is extremely powerful and one of the earliest options. That does not make it a good solution.
1 Like