# Grok Parser ## Overview Grok parser is a filter that helps analyze and structure unstructured data. Grok parser uses patterns to parse log data. *** ## Configure Grok parser To create a Grok parser configuration, follow the instructions below: 1. In the **Processor information** section , enter general information for a processor according to the instructions at [Processor](https://docs-vngcloud-vn.translate.goog/vng-cloud-document/v/vn/vmonitor/dashboards/logs/lam-viec-voi-log-pipeline/processor) . In this content, you will choose **Processor type** as **Grok Parser** . 2. In the **Parsing rule** section , enter the following information: 2.1 Enter **Source field** : field contains logs that will need to be parsed. 2.2 Enter **Target field** : field will be overwritten in destination log project, normally you will not need to enter this information 2.3 Enter **Rule pattern** : contains grok pattern to match source field and parse out according to structure. For example:

Source log project	Destination log project	Message (field logs mà chúng tôi thực hiện parser)	Rule pattern	Kết quả parser
webserver	webserver-parse	`87.251.81.179 - - [01/Aug/2023:12:16:39 +0200] "GET /core/themes/theme.inc/?post == HTTP/1.0" 200 63388`	%{IP:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:http_method} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}" %{NUMBER:response_code} %{NUMBER:response_size}	{ "request": "/core/themes/theme.inc/?post==", "MONTH": "Aug", "response_code": "200", "IPV6": null, "auth": "-", "HOUR": "12", "ident": "-", "IPV4": "87.251.81.179", "BASE10NUM": [ "1.0", "200", "63388" ], "http_version": "1.0", "TIME": "12:16:39", "URIQUERY": "post==", "INT": "+0200", "response_size": "63388", "http_method": "GET", "YEAR": "2023", "URIPATH": "/core/themes/theme.inc/", "USERNAME": [ "-", "-" ], "client_ip": "87.251.81.179", "MINUTE": "16", "SECOND": "39", "MONTHDAY": "01", "timestamp": "01/Aug/2023:12:16:39 +0200" }

3\. In the **Test rules** section , enter the following information: * Enter **Log samples** as sample log lines so you can check if the rule pattern is parsed successfully. * Click **Test your rules** to see if the system parses successfully

*** #### Store and reuse Parsing rules * You can store a parsing rule by checking **Save this rule** , then entering a memorable name for the parsing rule you want to store. The mnemonic name has a minimum length of 5 characters, a maximum length of 255 characters and can only include upper and lower case letters (az, AZ), numbers (0-9), and dots (.), space ( ), underscore (\_), hyphen (-), and the @ character. * After the parsing rule has been stored, in subsequent processor creations you can reuse this rule by selecting **Rule presets** in the Pasing rule section. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/vmonitor/dashboards/logs/lam-viec-voi-log-pipeline/processor/grok-parser.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.