Add link to vjeantet/grok to grok parser docs

2019-03-25 12:09:04 -07:00 · 2019-03-25 12:09:04 -07:00 · 888d847a05
parent 135166323b
commit 888d847a05
2 changed files with 9 additions and 44 deletions
--- a/plugins/parsers/grok/README.md
+++ b/plugins/parsers/grok/README.md
@ -59,11 +59,15 @@ To match a comma decimal point you can use a period.  For example `%{TIMESTAMP:t
 To match a comma decimal point you can use a period in the pattern string.
 See https://golang.org/pkg/time/#Parse for more details.
-Telegraf has many of its own [built-in patterns](/plugins/parsers/grok/influx_patterns.go),
+Telegraf has many of its own [built-in patterns][] as well as support for most
-as well as support for most of
+of the Logstash builtin patterns using [these Go compatible patterns][grok-patterns].
-[logstash's builtin patterns](https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns).
+
-_Golang regular expressions do not support lookahead or lookbehind.
+**Note** Golang regular expressions do not support lookahead or lookbehind.
-logstash patterns that depend on these are not supported._
+Logstash patterns that use these features may not supported, or may use a Go
 friendly pattern that does is not always completely compatible with Logstash.
 [built-in patterns]: /plugins/parsers/grok/influx_patterns.go
 [grok-patterns]: https://github.com/vjeantet/grok/blob/master/patterns/grok-patterns
 If you need help building patterns to match your logs,
 you will find the https://grokdebug.herokuapp.com application quite useful!
--- a/plugins/parsers/grok/influx_patterns.go
+++ b/plugins/parsers/grok/influx_patterns.go
@ -1,45 +1,6 @@
 package grok
 const DEFAULT_PATTERNS = `
 # Captures are a slightly modified version of logstash "grok" patterns, with
 #  the format %{<capture syntax>[:<semantic name>][:<modifier>]}
 # By default all named captures are converted into string fields.
 # If a pattern does not have a semantic name it will not be captured.
 # Modifiers can be used to convert captures to other types or tags.
 # Timestamp modifiers can be used to convert captures to the timestamp of the
 #  parsed metric.
 # View logstash grok pattern docs here:
 #   https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
 # All default logstash patterns are supported, these can be viewed here:
 #   https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns
 # Available modifiers:
 #   string   (default if nothing is specified)
 #   int
 #   float
 #   duration (ie, 5.23ms gets converted to int nanoseconds)
 #   tag      (converts the field into a tag)
 #   drop     (drops the field completely)
 # Timestamp modifiers:
 #   ts-ansic         ("Mon Jan _2 15:04:05 2006")
 #   ts-unix          ("Mon Jan _2 15:04:05 MST 2006")
 #   ts-ruby          ("Mon Jan 02 15:04:05 -0700 2006")
 #   ts-rfc822        ("02 Jan 06 15:04 MST")
 #   ts-rfc822z       ("02 Jan 06 15:04 -0700")
 #   ts-rfc850        ("Monday, 02-Jan-06 15:04:05 MST")
 #   ts-rfc1123       ("Mon, 02 Jan 2006 15:04:05 MST")
 #   ts-rfc1123z      ("Mon, 02 Jan 2006 15:04:05 -0700")
 #   ts-rfc3339       ("2006-01-02T15:04:05Z07:00")
 #   ts-rfc3339nano   ("2006-01-02T15:04:05.999999999Z07:00")
 #   ts-httpd         ("02/Jan/2006:15:04:05 -0700")
 #   ts-epoch         (seconds since unix epoch)
 #   ts-epochnano     (nanoseconds since unix epoch)
 #   ts-"CUSTOM"
 # CUSTOM time layouts must be within quotes and be the representation of the
 # "reference time", which is Mon Jan 2 15:04:05 -0700 MST 2006
 # See https://golang.org/pkg/time/#Parse for more details.
 # Example log file pattern, example log looks like this:
 #   [04/Jun/2016:12:41:45 +0100] 1.25 200 192.168.1.1 5.432µs
 # Breakdown of the DURATION pattern below: