Performance grok vs mutate on finding message level

I have a log that is filled with nonsense data. So I am keeping it simple with a grok match only date than greedydata everything else. Halfway into the message I am given a message level i.e. info, error, ... that I need to track down.

So my question is what is better for performance grok and match each of these nonsense data that I do not know how to categorize


just use conditions and check if message contains error, info, debug

I ask because I have heard that grok takes a lot of resources but these conditionals may use just as much.


This is really something you'd want to test on your own data.