Default grok patterns path

Question

I have installed Logstash on Ubuntu Server 14. Where can I find the default grok patterns that Logstash uses when filtering logs ? Thanks.

Himanshu Chauhan · Answer 1 · 2018-01-04T11:03:07.110

I have also installed ELK stack on Ubuntu 14.04. The location of patterns that grok uses is in the following directory

/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/

which includes the following default patterns

aws                   firewalls             junos                 mongodb               rails
bacula                grok-patterns         linux-syslog          nagios                redis
bro                   haproxy               mcollective           output.txt            ruby
exim                  java                  mcollective-patterns  postgresql            test.sh

Or you can just search for the patterns as follows:

find / -name patterns

This will show you the directory of patterns you are looking for.

For faster searching for a directory, you can use `find / -type d -name patterns` — Excalibur, May 15 '18 at 15:08

score 6 · Answer 2 · answered Aug 10 '15 at 13:52

6

From the grok documentation:

Logstash ships with about 120 patterns by default. You can find them here:

https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns.

answered Aug 10 '15 at 13:52

dtrv

693
1
6
14

2

I think what he means is, where do this patterns is located in the host where logstash is installed. – user181677 Apr 26 '16 at 08:02

score 4 · Answer 3 · answered Dec 12 '17 at 18:06

If you know the logstash installation path, say cd /usr/share/logstash/

it is here:

cd /vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

If installed via apt-get, to /usr/share/logstash/ it is here:

/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/

Default grok patterns path

3 Answers3

find / -name patterns