Articles by Berg Lloyd-Haig

  1. Optimising Logstash Grok Patterns

    Recently, while writing some Grok patterns for the ELK cluster at work, I had a conversation with my colleague Berg about the efficiency of Grok patterns. I was working with Cisco ASA firewall logs, which are natural-language, human-readable logs, in contrast with IPtables or Palo Alto logs, which are sent in a CSV format. In order to parse them into structured log events to feed into Elasticsearch, I used the Grok filter.

    Tagged as : Logstash ELK

