Debugging Grok Expressions

Grok is a pattern matching syntax that you can use to parse arbitrary text and structure it. Grok is perfect for parsing syslog logs, Apache and other web server logs, MySQL logs, and, in general, any log format that is written for humans rather than for computer consumption.

Grok patterns are supported in the ingest node grok processor and the Logstash grok filter. The Elastic Stack ships with over 120 reusable grok patterns. See Ingest node grok patterns and Logstash grok patterns for the full list of patterns.
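To make the idea of reusable patterns concrete, the following added example (not code from the Elastic Stack) expands `%{SYNTAX:SEMANTIC}` tokens into a regular expression with named groups and runs it over two constructed log lines, one of which is malformed. The pattern bodies are simplified stand-ins for the shipped definitions, and `grok_to_regex` and `grok_match` are hypothetical helper names.

```python
import re

# Simplified stand-ins for a few library patterns (assumption: the shipped
# definitions are stricter; these are only close enough to illustrate).
PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "HOSTNAME": r"\b[0-9A-Za-z][0-9A-Za-z.-]*",
    "IPORHOST": r"(?:%{IP}|%{HOSTNAME})",  # patterns may reference other patterns
    "WORD": r"\b\w+\b",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "URIPATH": r"/[^\s?]*",
}

TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(expr, depth=0):
    """Expand %{SYNTAX} and %{SYNTAX:field} tokens into a regular expression."""
    if depth > 10:
        raise ValueError("pattern nesting too deep (possible cycle)")

    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in PATTERNS:
            raise KeyError(f"unknown grok pattern: {name}")
        body = grok_to_regex(PATTERNS[name], depth + 1)
        # A field name becomes a named capture; without one, just group.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    return TOKEN.sub(expand, expr)


def grok_match(expr, line):
    """Return captured fields as a dict, or None when the line does not match."""
    m = re.search(grok_to_regex(expr), line)
    return m.groupdict() if m else None


EXPR = ("%{IPORHOST:client} %{WORD:method} %{URIPATH:request} "
        "%{NUMBER:bytes} %{NUMBER:duration}")

# Constructed sample lines; the second lacks the leading "/" in the path.
SAMPLES = [
    "55.3.244.1 GET /index.html 15824 0.043",
    "55.3.244.1 GET index.html 15824 0.043",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", grok_match(EXPR, line))
```

A line that returns `None` here corresponds to a grok parse failure in a pipeline, which is the case worth catching before a pattern is deployed.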

X-Pack includes a Grok Debugger tool that you can use to build and debug grok patterns before you use them in your data processing pipelines. Because ingest node and Logstash share the same grok implementation and pattern libraries, any grok pattern that you create in the Grok Debugger will work in ingest node and Logstash.

Grok Debugger