From b6cc324d10cc4d8a64396ee968d31acf3ecf0398 Mon Sep 17 00:00:00 2001 From: Daniel Nelson Date: Thu, 17 Jan 2019 12:00:07 -0800 Subject: [PATCH] Add note on performance to grok parser documentation (#5291) --- plugins/parsers/grok/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/plugins/parsers/grok/README.md b/plugins/parsers/grok/README.md index 32072b631..4ebbbd3f2 100644 --- a/plugins/parsers/grok/README.md +++ b/plugins/parsers/grok/README.md @@ -220,4 +220,14 @@ the file output will only print once per `flush_interval`. - If successful, add the next token, update the pattern and retest. - Continue one token at a time until the entire line is successfully parsed. +#### Performance +Performance depends heavily on the regular expressions that you use, but there +are a few techniques that can help: + +- Avoid using patterns such as `%{DATA}` that will always match. +- If possible, add `^` and `$` anchors to your pattern: + ``` + [[inputs.file]] + grok_patterns = ["^%{COMBINED_LOG_FORMAT}$"] + ```
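Review bot: The second bullet of the new Performance section recommends adding `^` and `$` anchors but does not mention that anchoring also changes which lines match. With `"^%{COMBINED_LOG_FORMAT}$"`, a line that carries any text before or after the combined-log portion will no longer parse. Suggest one sentence telling readers to confirm their input has no leading or trailing content before anchoring. The first bullet says to avoid patterns such as `%{DATA}` "that will always match" but gives neither the reason this is slow nor what to use in its place; a short clause pointing to a more specific pattern for the field being captured would make the advice actionable. Minor style point: `#### Performance` is followed directly by the paragraph with no blank line, although the hunk does put a blank line before the list.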