Grok Patterns Library

What Is the Grok Patterns Library​

Cribl Stream ships with a Grok Patterns Library that contains a set of pre-built common patterns, organized as files.

Managing Library Patterns ​

You can access the Grok Patterns Library from the UI’s top nav by selecting Processing > Knowledge > Grok Patterns. The library contains several pattern files that Cribl provides for basic Grok scenarios, and is searchable.

To edit a pattern file, click Edit in its Actions column.

To create a new pattern file, click Add Grok Pattern File. In the resulting modal, assign a unique Filename, populate the file with patterns, then click Save.

Pattern files reside in: $CRIBL_HOME/(default|local)/cribl/grok-patterns/

Using Grok Patterns​

In the current Cribl Stream version, you apply Grok patterns by inserting a Grok Function into a Pipeline, then manually typing or pasting patterns into the Pattern field(s).