pygrok icon indicating copy to clipboard operation
pygrok copied to clipboard

Published 20 hours ago verified publisher icon garyelephant

Multiple Patterns

Open mthota15 opened this issue 6 years ago • 4 comments

Does pygrok support matching of string against multiple patterns?

Any example on how to do that?

mthota15 avatar Jun 12 '18 17:06 mthota15

Please elaborate your requirement, @mthota15

garyelephant avatar Jun 15 '18 04:06 garyelephant

I was able to do this way.

from pygrok import Grok import json text = [ '37.162.60.195 - - [06/Jun/2018:17:31:29 -0400] "PUT /app/main/posts HTTP/1.0" 200 5055 "http://harris-johnson.com/main/register/" "Mozilla/5.0 (Windows NT 5.0) AppleWebKit/5311 (KHTML, like Gecko) Chrome/13.0.850.0 Safari/5311"', '::1 - - [26/Dec/2016:16:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 209', '[Mon Dec 26 16:22:08 2016] [error] [client 192.168.33.1] File does not exist: /var/www/favicon.ico' ]

patterns = { '^%{COMBINEDAPACHELOG}$', '^%{COMMONAPACHELOG}$', '^%{HTTPD_ERRORLOG}$' }

def parse_type(text): for k in patterns: return Grok(k).match(text)

for i in text: parsed = parse_type(i) if parsed: print(json.dumps(parsed))

please let me know if there is a better way to do it with pygrok.

mthota15 avatar Jun 16 '18 05:06 mthota15

+1

tcxdgit avatar Jul 08 '20 07:07 tcxdgit

grok patterns are a superset of regex patterns. you can use a regex alternator group to match against 2 or more patterns like so:

pattern = r'^(%{COMBINEDAPACHELOG}|%{COMMONAPACHELOG}|%{HTTPD_ERRORLOG})$'
parser = Grok(pattern)

alextremblay avatar Mar 05 '21 15:03 alextremblay