Automatic grok discovery This was my first attempt to support creating grok expressions. It generates potentially all regular expressions that consist of fixed strings for things that are not alphanumeric and grok patterns from the library, and match all of a given set of logfile lines. If there are several patterns from the grok library that match the same strings in every log line they are grouped together and presented as a drop down list. Unfortunately, the number of possible regular expressions grows exponentially with the length of the lines, such that this is not really usable in practice. Thus, the result list is cut off at 200 results. YMMV. Please enter some loglines for which you want generate possible grok patterns and then press You can also just try this out with a random example Some log lines you want to match. PLEASE NOTE: For the construction algorithms you should use SEVERAL LINES that should match the pattern, and choose lines that are as diverse as possible. That reduces the search space. The more, the better (within reasonable limits, of course). Please mark the libraries of grok Patterns from logstash v.2.4.0 which you want to use. You probably want to use grok-patterns if you use any of the others, since they rely on the basic patterns defined there. firewalls aws bro exim bind haproxy linux-syslog squid mcollective-patterns bacula postgresql java maven grok-patterns httpd redis nagios rails mongodb ruby mcollective junos You can also provide a library of some additional grok patterns in the same format as the pattern files linked above. On each line you give a pattern name, a space and the pattern. For example: WORD \b\w+\b At most 200 possible grok regex combinations that match all lines