Skip to content

mmastrac/grok

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
.github/workflows
.github/workflows
 
 
benches
benches
 
 
examples
examples
 
 
patterns
patterns
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

grok

The grok library allows you to quickly parse and match potentially unstructured data into a structed result. It is especially helpful when parsing logfiles of all kinds. This Rust version is mainly a port from the java version which in turn drew inspiration from the original ruby version.

License Latest Version Documentation Continuous Integration

Usage

Add this to your Cargo.toml:

[dependencies]
grok = "2.0"

Here is a simple example which stores a pattern, compiles it and then matches a line on it:

use grok::Grok;

fn main() {
    // Instantiate Grok
    let mut grok = Grok::default();

    // Add a pattern which might be a regex or an alias
    grok.add_pattern("USERNAME", r"[a-zA-Z0-9._-]+");

    // Compile the definitions into the pattern you want
    let pattern = grok
        .compile("%{USERNAME}", false)
        .expect("Error while compiling!");

    //  Match the compiled pattern against a string
    match pattern.match_against("root") {
        Some(m) => println!("Found username {:?}", m.get("USERNAME")),
        None => println!("No matches found!"),
    }
}

Note that compiling the pattern is an expensive operation, so very similar to plain regex handling the compile operation should be performed once and then the match_against method on the pattern can be called repeatedly in a loop or iterator. The returned pattern is not bound to the lifetime of the original grok instance so it can be passed freely around. For performance reasons the Match returned is bound to the pattern lifetime so keep them close together or clone/copy out the containing results as needed.

Further Information

This library supports multiple regex engines through feature flags. By default, it uses onig, which is a Rust binding for the powerful Oniguruma regex library. You can also use the standard Rust regex engine or fancy-regex by enabling the respective features:

The default engine is onig for compatibility with previous 2.x releases:

[dependencies]
grok = { version = "2.0", features = ["onig"] }

The pcre2 engine is a more complete Rust regex library supporting backtracking, JIT compilation and is the fastest engine for most use cases:

[dependencies]
grok = { version = "2.0", default-features = false, features = ["pcre2"] }

The fancy-regex engine is a more complete Rust regex library supporting backtracking:

[dependencies]
grok = { version = "2.0", default-features = false, features = ["fancy-regex"] }

The regex engine is supported, but it does not support backtracking, so many patterns are unusable. This is not recommended for most use cases:

[dependencies]
grok = { version = "2.0", default-features = false, features = ["regex"] }

License

grok is distributed under the terms of the Apache License (Version 2.0). See LICENSE for details.

About

A Rust port of the popular grok library for text and log processing

Resources

Readme

License

Apache-2.0 license
Activity

Stars

73 stars

Watchers

3 watching

Forks

20 forks
Report repository

Releases

6 tags

Packages

No packages published

Contributors 6

Languages