yalp.parsers.grok

Use grok to parse the event. Any matched fields from the grok pattern will be added to the event.

This parser supports the following configuration items:

pattern
A grok pattern to match. See available patterns for details.
field
The field from the event to parse. Defaults to message.
type
A type filter. Events not of this type will be skipped.

Example configuration:

parsers:
  - grok:
    pattern: '%{IP:ip_addr} %{WORD:request_type} %{URIPATHPARAM:path}'

With an input event like the following:

{
    'message': '192.168.0.1 GET /index.html',
    'time_stamp': '2015-01-01T01:00:00',
    'hostname': 'server_hostname',
}

After the parser runs, the event will become:

{
    'message': '192.168.0.1 GET /index.html',
    'time_stamp': '2015-01-01T01:00:00',
    'hostname': 'server_hostname',
    'ip_addr': '192.168.0.1',
    'request_type': 'GET',
    'path': '/index.html',
}
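The behaviour described above can be reproduced with a small stand-alone sketch. This is an added example, not yalp's own code: the three pattern definitions are simplified stand-ins for the grok library, and the `grok_parse` name, the use of an event `type` key for the type filter, and the unanchored search are assumptions.

```python
import re

# Simplified stand-ins for grok library patterns (assumption: the real
# definitions are more thorough). IP rejects octets above 255.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
PATTERNS = {
    "IP": rf"(?<!\d)(?:{OCTET}\.){{3}}{OCTET}(?!\d)",
    "WORD": r"\w+",
    "URIPATHPARAM": r"/[^\s?#]*(?:\?\S*)?",
}


def compile_grok(pattern):
    """Expand %{NAME:field} into a named group and %{NAME} into a plain group."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = PATTERNS[name]  # KeyError on an unknown pattern name
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


def grok_parse(event, pattern, field="message", type_=None):
    """Return the event with any matched fields added (hypothetical helper)."""
    # Type filter: events of another type are skipped untouched.
    if type_ is not None and event.get("type") != type_:
        return event
    value = event.get(field)
    if not isinstance(value, str):
        return event
    match = compile_grok(pattern).search(value)
    if match is None:
        # No match: nothing is added, so downstream consumers must not
        # assume ip_addr/request_type/path exist on every event.
        return event
    return {**event, **match.groupdict()}


PATTERN = "%{IP:ip_addr} %{WORD:request_type} %{URIPATHPARAM:path}"
# Constructed sample event, mirroring the one shown above.
SAMPLE = {
    "message": "192.168.0.1 GET /index.html",
    "time_stamp": "2015-01-01T01:00:00",
    "hostname": "server_hostname",
}
```

Because the message text usually comes from an untrusted source, events that fail to match pass through without the extracted fields; anything that alerts or filters on `ip_addr` should treat a missing field as its own case.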