Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up here)
Download entire manual as PDF - v2.4.4

Grok Patterns Library

What Is the Grok Patterns Library

Cribl LogStream ships with a Grok Patterns Library that contains a set of pre-built common patterns, organized as files.

Grok Patterns Library

Managing Library Patterns

You can access the Grok Patterns Library in the UI by selecting Knowledge > Grok Patterns. The library contains several pattern files that Cribl provides for basic Grok scenarios, and is searchable.

To edit a pattern file, click Edit in its Actions column.

To create a new pattern file, click + Add New. In the resulting Create Grok Patterns modal, assign a unique Filename/ID, populate the file with patterns, then click Save.

Adding Grok patterns

📘

Pattern files reside in: $CRIBL_HOME/(default|local)/cribl/grok-patterns/

Using Grok Patterns

In the current LogStream version, you apply Grok patterns by inserting a Grok Function into a Pipeline, then manually typing or pasting patterns into the Pattern field(s).

Updated 7 months ago

Grok Patterns Library

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.