A desktop application written purely in Python using customtkinter and tksheet (and requests). This application is the ideal friend of someone who wants to create regex patterns. The application facilitates managing grok patterns, reading JSON files and parsing fields in an ELK environment.
The primary focus of this application was to facilitate working with regex. I also wrote this program with a focus on minimal dependency on other libraries, to make version control and code transparency better. This resulted in customtkinter, tksheet, requests, json, re and os being the main libraries used, all well known and trusted. Less is more. The application requires Python 3.11+ in order to perform atomic grouping and possessive quantifiers. However, if no such regex is being used, the application can still be used with a lower version, provided the included libraries support it.
- Create and test regex
- Query data from an Elasticsearch REST API
  - Select a field to retrieve data from, create a query (e.g. tags: "_grokparsefailure")
  - Auto-discovers available indices and fields
  - HTTP Basic auth, API-Token, SSL Cert
- Load local text files
  - Filter to load unique rows
- Load local grok patterns
- Load local JSON file
  - Specify which key to retrieve data from
- Test grok patterns to see how applicable they are
  - Tests every pattern against every row
  - Filter which grok patterns should be tested (include/exclude)
- Export grok patterns
- Multiple different themes
  - Blue, Dark-Blue, DaynNight, FlipperZero, GhostTrain, Green, Greengage, GreyGhost, Hades, Harlequin, NightTrain, Oceanix, TestCard, TrojanBlue, Yellow
- Dark and Light mode
- Configuration file to save settings such as mode, theme, Elasticsearch details
- Add client certificate option for ES communication
A file called settings.json is created on first launch with the following settings, which may be altered and are loaded at startup.

```json
{
  "mode": "Light",
  "theme": "GhostTrain",
  "elastic_host": "localhost",
  "elastic_port": "9200",
  "elastic_auth": false,
  "elastic_user": "",
  "elastic_api_key_is_used": true,
  "elastic_api_key_value": "UmVnZXhpbmcgaXMgZnVuIQ==",
  "elastic_cert_is_used": false,
  "elastic_cert_path": ""
}
```
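
Because settings.json can hold the Elasticsearch API key in clear text, the following added example (not code from this project) loads the file, warns when other users can read it, and builds `requests` keyword arguments that keep TLS verification on. It assumes the basic-auth password is supplied at runtime and that `elastic_cert_path` points to a CA bundle; the function names are hypothetical.

```python
import json
import os
import stat
import tempfile

# Constructed sample with the authentication keys from settings.json above.
SAMPLE = {
    "elastic_auth": False, "elastic_user": "",
    "elastic_api_key_is_used": True,
    "elastic_api_key_value": "UmVnZXhpbmcgaXMgZnVuIQ==",
    "elastic_cert_is_used": False, "elastic_cert_path": "",
}

def load_settings(path):
    """Return (settings, warnings); warn if a stored key is readable by others."""
    with open(path, encoding="utf-8") as fh:
        settings = json.load(fh)
    warnings = []
    has_key = settings.get("elastic_api_key_is_used") and settings.get("elastic_api_key_value")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if has_key and os.name == "posix" and mode & 0o077:
        warnings.append(f"{path}: API key stored with mode {mode:o}, expected 600")
    return settings, warnings

def request_kwargs(settings, password=None):
    """Build keyword arguments for requests.get() without disabling TLS checks."""
    kwargs = {"headers": {}, "timeout": 10, "verify": True}
    if settings.get("elastic_api_key_is_used"):
        # Elasticsearch API keys are sent as "Authorization: ApiKey <base64 value>".
        kwargs["headers"]["Authorization"] = "ApiKey " + settings["elastic_api_key_value"]
    elif settings.get("elastic_auth"):
        # Assumption: the password is supplied at runtime, not read from the file.
        kwargs["auth"] = (settings["elastic_user"], password)
    if settings.get("elastic_cert_is_used"):
        # Assumption: elastic_cert_path is a CA bundle for verifying the server.
        kwargs["verify"] = settings["elastic_cert_path"]
    return kwargs

def demo():
    """Return the warnings for the sample stored with mode 644, then 600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "settings.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
        results = []
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results.append(load_settings(path)[1])
    return results
```

The permission check only applies on POSIX systems; on Windows the file's ACL has to be reviewed separately.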