mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-25 23:57:20 -04:00
23 lines
502 B
Text
[[esql-grok]]
=== `GROK`

`GROK` enables you to extract structured data out of a string. `GROK` matches
the string against patterns, based on regular expressions, and extracts the
specified patterns as columns.

Refer to the <<grok-processor,grok processor documentation>> for the syntax of
grok patterns.

For example:

[source,esql]
----
include::{esql-specs}/grok.csv-spec[tag=grok]
----

Returns:

[%header,format=dsv,separator=|]
|===
include::{esql-specs}/grok.csv-spec[tag=grok-result]
|===
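
The following Python sketch is an added illustration, not code from the Elasticsearch project or its {esql} implementation. It shows the mechanism described above: each `%{SYNTAX:SEMANTIC}` token expands to a regular expression, and every named token becomes a column. The pattern definitions, the helper names `compile_grok` and `grok`, and the log line are simplified assumptions constructed for this example.

```python
import re

# Simplified stand-ins for a few grok library patterns (assumption: the real
# Elasticsearch definitions are stricter, e.g. IP also covers IPv6).
PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "INT": r"[+-]?\d+",
    "USERNAME": r"[A-Za-z0-9._-]+",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})",
    "GREEDYDATA": r".*",
}
CASTS = {"int": int, "float": float}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")


def compile_grok(expr):
    """Expand %{SYNTAX:SEMANTIC[:TYPE]} tokens into one regex with named groups."""
    casts = {}

    def expand(m):
        syntax, column, cast = m.groups()
        if syntax not in PATTERNS:
            raise ValueError(f"unknown grok pattern: {syntax}")
        if column is None:  # token is matched but not extracted as a column
            return f"(?:{PATTERNS[syntax]})"
        if cast:
            casts[column] = CASTS[cast]
        return f"(?P<{column}>{PATTERNS[syntax]})"

    return re.compile(TOKEN.sub(expand, expr)), casts


def grok(line, expr):
    """Return the extracted columns as a dict, or None when the line does not match."""
    regex, casts = compile_grok(expr)
    m = regex.search(line)
    if m is None:
        return None
    return {k: casts.get(k, str)(v) for k, v in m.groupdict().items()}


# Constructed sample line, not taken from a real system.
LINE = "2024-05-01T10:15:30Z sshd Failed password for admin from 203.0.113.7 port 52314"
EXPR = (r"%{TIMESTAMP_ISO8601:ts} sshd Failed password for %{USERNAME:user} "
        r"from %{IP:src_ip} port %{INT:src_port:int}")

if __name__ == "__main__":
    print(grok(LINE, EXPR))
```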