Introducing Grok.NET

What is grok?

it’s a well established way of parsing, using Regular Expressions, files with single lines (e.g. Log files).

Why Create a .NET version?

Speed, the ability to use it in AWS Lambda, and because dotnetcore is my preferred language.


var grok = new Grok("<grok string>");
var response = grok.ParseLine("	<line to parse>");
foreach (var match in response.Captures)
    Console.WriteLine($"Name: {match.Item1} Value: {match.Item2?.ToString()}");
var response2 = grok.ParseLine("	<line to parse>");


So far, I’m seeing ~0.0002ms for complex patterns sure AWS ELB logs.  I think this is the benefit using compiled Regex, as we reuse the same pattern on the second parse.

"%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:int} (?:(%{IP:backendip}:?:%{INT:backendport:int})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} (?:-|%{INT:elb_status_code:int}) (?:-|%{INT:backend_status_code:int}) %{INT:received_bytes:int} %{INT:sent_bytes:int} \"%{ELB_REQUEST_LINE}\" \"(?:-|%{DATA:user_agent})\" (?:-|%{NOTSPACE:ssl_cipher}) (?:-|%{NOTSPACE:ssl_protocol})"

Where can I get it?

It will going up on Nuget at some point this week, it will be a rough and ready version, with some core patterns, there may be breaking changes as I figure out the best option for the outbound interface.

It will also be opensource on GitHub, if anyone does want to take it on, and do something amazing with it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Built with

Up ↑

%d bloggers like this: