What is the Regex Library

As of v1.1 Cribl LogStream ships with a Regex Library that contains a set of pre-built common regex patterns. The goal of the library is to serve as an easily accessible repository of regular expressions. The library is searchable and each pattern can be tagged if further organization or categorization is needed. The library can be found under Knowledge | Regex Library .

How does it work

As of this this version, the Library contains 25 patterns shipped by Cribl LogStream. A pattern can be used as-is in a Function or can be modified as necessary and new, custom patterns can be added by users.

Cribl vs. Custom and Priority
Patterns shipped by Cribl will be listed under the Cribl tab while those built by users will be found under Custom. Over time Cribl LogStream will ship more patterns and this distinction allows for both sets to grow independently. In the case of an ID/Name conflict, the Custom pattern takes priority in listings and search. For example, if a Cribl provided pattern and a Custom one are both named ipv4 the one from Cribl will not be displayed or delivered as a search result.