aegoroff/grok

GROK

GROK is a tool like UNIX grep on steroids. Regular expressions often become huge and vague. To resolve this, macros, or groks, can be applied. A grok is a peculiar name for a regular expression macro; the term is taken from the logstash project. A macro is a named reference to a regular expression, which may itself be rather complex. That regular expression can in turn contain references to other groks, and so on. Using groks you can build complex regular expressions from simple ones.

So, using GROK, you pass a macro name defined in pattern files instead of a complex regular expression.

Install the pre-compiled binary

homebrew (only on macOS and Linux for now):

Add my tap (do it once):

brew tap aegoroff/tap

And then install grok:

brew install aegoroff/tap/grok

Update grok if already installed:

brew upgrade aegoroff/tap/grok

scoop:

scoop bucket add aegoroff https://github.com/aegoroff/scoop-bucket.git
scoop install grok

AUR (Arch Linux User Repository):

install the binary package:

yay -S grok-tool-bin

or, if yay reports that the package is not found, force an update of the repository info:

yay -Syyu grok-tool-bin

manually:

Download the pre-compiled binaries from the releases and copy them to the desired location. On Linux, put the *.patterns files that ship next to the executable into the folder /usr/share/grok/patterns; create it if it does not exist. On other platforms grok searches for pattern files within the executable's directory.

SYNTAX:

grok [-hi] -s <string> -m <string> [-p <file>]...

grok [-hi] -f <file> -m <string> [-p <file>]...

grok [-hi] -m <string> [-p <file>]...

grok -t[h] [-m <string>] [-p <file>]...

  -h, --help                print this help and exit
  -i, --info                dont work like grep i.e. output matched string with
                            additional info
  -s, --string=<string>     string to match
  -f, --file=<file>         full path to file to read data from. If not set and
                            string option not set too data read from stdin
  -m, --macro=<string>      pattern macros to build regexp
  -p, --patterns=<file>     one or more pattern files. You can also use
                            wildcards like path\*.patterns. If not set, current
                            directory used to search all *.patterns files
  -t, --template            show template(s) information

EXAMPLES

Output all possible macro names (to pass as the -m parameter)

grok -t

Output the regular expression a macro will be expanded to

grok -t -m UNIXPATH

This will output

(?>/(?>[\w_%!$@:.,-]+|\\.)*)+

Output the log message lines from system.log (matched with the SYSLOGBASE macro)

grok -m SYSLOGBASE -f /var/log/system.log

Same as above, but reading input from stdin

cat /var/log/system.log | grok -m SYSLOGBASE
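The two mechanisms the page describes, expanding a macro into the regular expression it stands for (the -t -m view) and running that expression over log lines (the grep-like default and the -i view), as an added example that is not part of the grok project. The pattern file text, the simplified SYSLOGBASE definition and the log lines are constructed for the example; the project's own pattern files are not reproduced.

```python
import re

# Constructed pattern-file text in the "NAME regex" format, not the project's own
# *.patterns files: a simplified SYSLOGBASE assembled from smaller macros.
PATTERNS_TEXT = r"""
INT (?:[+-]?[0-9]+)
MONTH \b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b
MONTHDAY (?:0?[1-9]|[12][0-9]|3[01])
TIME (?:[01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]
SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
HOSTNAME [A-Za-z0-9][A-Za-z0-9-]*
PROG [A-Za-z0-9._-]+
SYSLOGPROG %{PROG}(?:\[%{INT}\])?
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host} %{SYSLOGPROG:program}:
"""
LOG_LINES = [  # constructed sample input
    "Jan  5 10:15:22 host1 sshd[1234]: Accepted publickey for alice",
    "Jan  5 10:15:30 host1 sudo: pam_unix(sudo:session): session opened",
    "not a syslog line at all",
]
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}

def parse_patterns(text):
    """Read 'NAME regex' lines, skipping blanks and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split(None, 1) for l in lines if l and not l.startswith("#"))

def expand(name, macros, _stack=()):
    """Recursively replace %{...} references (the -t -m view); a cycle is an error."""
    if name in _stack:
        raise ValueError("macro cycle: " + " -> ".join(_stack + (name,)))
    if name not in macros:
        raise KeyError("unknown macro " + name)
    def replace(m):
        inner = expand(m.group(1), macros, _stack + (name,))
        field = m.group(2)  # %{NAME:field} becomes a named capture group
        return "(?P<%s>%s)" % (field, inner) if field else "(?:%s)" % inner
    return REF.sub(replace, macros[name])

def grok(macro, lines, macros):
    """grep-like pass: matching lines paired with their named fields (the -i view)."""
    regex = re.compile(expand(macro, macros))
    found = []
    for line in lines:
        m = regex.search(line)
        if m:
            found.append((line, m.groupdict()))
    return found
```

The cycle check matters because a pattern file is user-supplied input: two macros referencing each other would otherwise recurse without bound.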