Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up here)
Download entire manual as PDF – v.3.0.1

Grok Patterns Library

What Is the Grok Patterns Library

Cribl LogStream ships with a Grok Patterns Library that contains a set of pre-built common patterns, organized as files.

Grok Patterns Library

Managing Library Patterns

You can access the Grok Patterns Library in the UI by selecting Knowledge > Grok Patterns. The library contains several pattern files that Cribl provides for basic Grok scenarios, and is searchable.

To edit a pattern file, click Edit in its Actions column.

To create a new pattern file, click + Add New. In the resulting Create Grok Patterns modal, assign a unique Filename, populate the file with patterns, then click Save.

Adding Grok patterns

📘

Pattern files reside in: $CRIBL_HOME/(default|local)/cribl/grok-patterns/

Using Grok Patterns

In the current LogStream version, you apply Grok patterns by inserting a Grok Function into a Pipeline, then manually typing or pasting patterns into the Pattern field(s).

Updated 29 days ago

Grok Patterns Library

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.