Elasticsearch provides a large number of built-in ingest processors, and the list grows with every release. In the preceding examples, we have seen the set and the replace processors. In this recipe, we will cover one of the most used for log analysis: the grok processor, which will be familiar to Logstash users. A grok pattern is a sequence of %{NAME:field} references to named regular expressions; each reference captures a piece of the log line into a field of the document, so a single pattern turns an unstructured line into structured fields you can query.
You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.
To execute the commands via the command line, you need to install curl for your operating system.
To test a grok pattern against some log lines, we will perform the following steps: