I have a log that is filled with nonsense data, so I am keeping it simple with a grok match on only the date, then greedydata for everything else. Halfway into the message I am given a message level, i.e. info, error, ..., that I need to track down.
So my question is, what is better for performance: grok and match each of these nonsense data that I do not know how to categorize
OR:
just use conditions and check if the message contains error, info, debug?
I ask because I have heard that grok takes a lot of resources, but these conditionals may use just as much.
Thanks,
M