{"id":19495813,"url":"https://github.com/aegoroff/grok","last_synced_at":"2026-01-24T07:09:40.977Z","repository":{"id":148336523,"uuid":"42768062","full_name":"aegoroff/grok","owner":"aegoroff","description":"Regular expressions macro engine","archived":false,"fork":false,"pushed_at":"2025-12-26T06:06:28.000Z","size":3465,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-26T09:58:25.678Z","etag":null,"topics":["c","grok","regular-expression"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aegoroff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-09-19T09:56:21.000Z","updated_at":"2025-12-24T19:27:30.000Z","dependencies_parsed_at":"2023-11-11T08:27:09.446Z","dependency_job_id":"2a2fe3ef-f885-4dc4-874b-03c244dc3a41","html_url":"https://github.com/aegoroff/grok","commit_stats":null,"previous_names":[],"tags_count":71,"template":false,"template_full_name":null,"purl":"pkg:github/aegoroff/grok","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aegoroff%2Fgrok","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aegoroff%2Fgrok/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aegoroff%2Fgrok/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aegoroff%2Fgrok/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aegoroff","download_url":"https://codeload.github.com/aegoroff/grok/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aegoroff%2Fgrok/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28105945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-28T02:00:05.685Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","grok","regular-expression"],"created_at":"2024-11-10T21:39:04.791Z","updated_at":"2026-01-24T07:09:40.969Z","avatar_url":"https://github.com/aegoroff.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GROK\n\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/dde2c10db42548ffafaa8b1d1ceea8a9)](https://app.codacy.com/gh/aegoroff/grok/dashboard?utm_source=gh\u0026utm_medium=referral\u0026utm_content=\u0026utm_campaign=Badge_grade)\n[![CI Build](https://github.com/aegoroff/grok/actions/workflows/ci_build.yml/badge.svg)](https://github.com/aegoroff/grok/actions/workflows/ci_build.yml)\n\n**GROK** is a powerful command-line tool like UNIX `grep` on steroids. It uses grok patterns (named regular expression macros) to simplify complex pattern matching tasks.\n\n## Overview\n\nOften, regular expressions become huge and hard to maintain. To resolve this, **grok patterns** (macros) can be applied. The term \"grok\" is borrowed from the Logstash project. Grok patterns are named references to regular expressions that can be rather complex. These regular expressions can contain references to other groks, allowing you to build complex patterns from simple, reusable components.\n\nInstead of writing complex regular expressions, you can use a macro name defined in pattern files, making your pattern matching more readable and maintainable.\n\n## Features\n\n- 🚀 **Fast pattern matching** using PCRE2\n- 📝 **Named pattern macros** for reusable regular expressions\n- 🔗 **Pattern composition** - groks can reference other groks\n- 📁 **Multiple input modes**: files, strings, and stdin\n- 🎯 **Info mode** for detailed match information\n- 🌍 **Cross-platform** support (Linux, macOS, Windows)\n- 📦 **Pre-built binaries** for easy installation\n- 🔍 **Built-in pattern libraries** for common use cases\n\n## Table of Contents\n\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Usage](#usage)\n- [Examples](#examples)\n- [Building from Source](#building-from-source)\n- [Pattern Files](#pattern-files)\n- [License](#license)\n\n## Installation\n\n### Homebrew (macOS and Linux)\n\nAdd the tap (one-time setup):\n```bash\nbrew tap aegoroff/tap\n```\n\nInstall grok:\n```bash\nbrew install aegoroff/tap/grok\n```\n\nUpdate grok:\n```bash\nbrew upgrade aegoroff/tap/grok\n```\n\n### Scoop (Windows)\n\n```bash\nscoop bucket add aegoroff https://github.com/aegoroff/scoop-bucket.git\nscoop install grok\n```\n\n### AUR (Arch Linux)\n\nInstall the binary package:\n```bash\nyay -S grok-tool-bin\n```\n\nIf the package is not found, update repository information:\n```bash\nyay -Syyu grok-tool-bin\n```\n\n### Manual Installation\n\n1. Download pre-compiled binaries from the [releases page](https://github.com/aegoroff/grok/releases)\n2. Extract and copy the executable to your desired location\n3. **Linux**: Copy `*.patterns` files to `/usr/share/grok/patterns` (create the directory if it doesn't exist)\n4. **Other platforms**: Place `*.patterns` files in the same directory as the executable\n\n## Quick Start\n\nList all available pattern macros:\n```bash\ngrok macro\n```\n\nView the regular expression for a specific macro:\n```bash\ngrok macro UNIXPATH\n```\n\nMatch a string:\n```bash\ngrok string -m EMAILADDRESS \"user@example.com\"\n```\n\nSearch in a file:\n```bash\ngrok file -m SYSLOGBASE /var/log/system.log\n```\n\nPipe from stdin:\n```bash\ncat /var/log/system.log | grok stdin -m SYSLOGBASE\n```\n\n## Usage\n\n### General Syntax\n\n```bash\ngrok \u003cCOMMAND\u003e [OPTIONS]\n```\n\n### Commands\n\n| Command | Description |\n|---------|-------------|\n| `string` | Single string matching mode |\n| `file` | File matching mode |\n| `stdin` | Standard input (stdin) matching mode |\n| `macro` | Macro information mode - display macro regexp or list all macros |\n\nRun `grok \u003ccommand\u003e -h` or `grok \u003ccommand\u003e --help` for detailed help on any command.\n\n### Common Options\n\n- `-p, --patterns=\u003cpatterns\u003e...` - One or more pattern files. If not set, current directory is used to search for all `*.patterns` files\n- `-m, --macro=\u003cSTRING\u003e` - Pattern macro to build regexp (required for `string`, `file`, and `stdin` commands)\n- `-i, --info` - Output matched string with additional information (captured groups, etc.)\n- `-h, --help` - Print help and exit\n\n### Command Details\n\n#### `string` - Single String Matching\n\nMatch a single string against a grok pattern.\n\n```bash\ngrok string [OPTIONS] \u003cSTRING\u003e\n```\n\n**Arguments:**\n- `STRING` - String to match\n\n**Example:**\n```bash\ngrok string -m EMAILADDRESS \"user@example.com\"\n```\n\n#### `file` - File Matching\n\nSearch for patterns in a file.\n\n```bash\ngrok file [OPTIONS] \u003cPATH\u003e\n```\n\n**Arguments:**\n- `PATH` - Full path to file to read data from\n\n**Options:**\n- `-c, --count` - Print only the number of matched lines\n- `-n, --line-number` - Print line numbers with matching lines\n\n**Example:**\n```bash\ngrok file -m SYSLOGBASE /var/log/system.log\n```\n\n#### `stdin` - Standard Input Matching\n\nProcess input from standard input (pipes, redirects, etc.).\n\n```bash\ngrok stdin [OPTIONS]\n```\n\n**Example:**\n```bash\ncat /var/log/system.log | grok stdin -m SYSLOGBASE\n```\n\n**Options:**\n- `-c, --count` - Print only the number of matched lines\n- `-n, --line-number` - Print line numbers with matching lines\n\n#### `macro` - Macro Information\n\nDisplay macro information or list all available macros.\n\n```bash\ngrok macro [OPTIONS] [MACRO]\n```\n\n**Arguments:**\n- `MACRO` - (Optional) Macro name to expand to its real regular expression\n\n**Examples:**\n```bash\n# List all available macros\ngrok macro\n\n# Show the regexp for a specific macro\ngrok macro UNIXPATH\n```\n## Examples\n\n### List Available Macros\n\nOutput all possible macro names (to pass as `-m` parameter):\n\n```bash\ngrok macro\n```\n\n### View Macro Regular Expression\n\nOutput the regular expression that a macro will be expanded to:\n\n```bash\ngrok macro UNIXPATH\n```\n\n**Output:**\n```\n(?\u003e/(?\u003e[\\w_%!$@:.,-]+|\\\\.)*)+\n```\n\n### Match a String\n\nMatch an email address:\n\n```bash\ngrok string -m EMAILADDRESS \"user@example.com\"\n```\n\nWith info mode to see captured groups:\n\n```bash\ngrok string -m EMAILADDRESS -i \"user@example.com\"\n```\n\n### Search in a File\n\nSearch for syslog entries in a log file:\n\n```bash\ngrok file -m SYSLOGBASE /var/log/system.log\n```\n\nWith info mode to see line numbers and captured groups:\n\n```bash\ngrok file -m SYSLOGBASE -i /var/log/system.log\n```\n\n### Process from Standard Input\n\nSame as above but reading from stdin:\n\n```bash\ncat /var/log/system.log | grok stdin -m SYSLOGBASE\n```\n\nOr with a pipe:\n\n```bash\ntail -f /var/log/system.log | grok stdin -m SYSLOGBASE\n```\n\n### Using Custom Pattern Files\n\nSpecify custom pattern files:\n\n```bash\ngrok file -p /path/to/custom.patterns -m MYCUSTOMPATTERN /path/to/file.log\n```\n\nMultiple pattern files:\n\n```bash\ngrok file -p patterns/custom.patterns -p patterns/webservers.patterns -m APACHELOG access.log\n```\n\n## Building from Source\n\n### Prerequisites\n\n- [Zig](https://ziglang.org/) compiler (latest stable version)\n- `flex` (or `win_flex` on Windows)\n- `bison` (or `win_bison` on Windows)\n- PCRE2 library (automatically handled by Zig package manager)\n\n### Build Steps\n\n1. Clone the repository:\n```bash\ngit clone https://github.com/aegoroff/grok.git\ncd grok\n```\n\n2. Build the project:\n```bash\nzig build\n```\n\nThe executable will be in `zig-out/bin/`.\n\n3. Run tests:\n```bash\nzig build test\n```\n\n4. Create a release archive:\n```bash\nzig build archive\n```\n\n### Cross-Platform Building\n\nThe project supports cross-compilation. Use the build scripts:\n\n```bash\n# Build for all platforms\n./build_all_zig.sh\n\n# Build for Linux only\n./linux_build_zig.sh\n```\n\n## Pattern Files\n\nGrok uses pattern files (`.patterns`) that define named macros. The project includes several built-in pattern files:\n\n- `grok.patterns` - Common patterns (numbers, strings, paths, etc.)\n- `linuxsyslog.patterns` - Linux syslog patterns\n- `webservers.patterns` - Web server log patterns\n- `custom.patterns` - Custom patterns\n\nPattern files use a simple syntax:\n```\nMACRONAME regexp\n```\n\nMacros can reference other macros using `%{MACRONAME:fieldname}` syntax.\n\n## License\n\nCopyright (c) 2018-2026 Alexander Egorov\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faegoroff%2Fgrok","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faegoroff%2Fgrok","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faegoroff%2Fgrok/lists"}