H4NM/Groppy

Facilitating regex creation and deploying custom grok patterns in an ELK environment 🦌📜
Groppy


A desktop application written purely in Python using customtkinter and tksheet (and requests). It is the ideal companion for anyone who needs to create regex patterns: it helps manage grok patterns, read JSON files and parse fields in an ELK environment.

Details

The primary focus of this application is to make working with regex easier. I wrote it with minimal dependencies on other libraries, to keep version control and code transparency manageable. As a result, the main libraries used are customtkinter, tksheet, requests, json, re and os, all well known and trusted. Less is more. The application requires Python 3.11+ in order to support atomic grouping and possessive quantifiers in regex. If no such regex is used, the application can still run on a lower Python version, provided the included libraries support it.

Features

  • Create and test regex
  • Query data from an elasticsearch REST API.
    • Select a field to retrieve data from, create a query (e.g. tags: "_grokparsefailure")
    • Auto discovers available indices and fields
    • HTTP Basic auth, API-Token, SSL Cert
  • Load local text files
    • Filter to load unique rows
  • Load local grok patterns
  • Load local JSON file
    • Specify which key to retrieve data from
  • Test grok patterns to see how applicable they are
    • Tests every pattern against every row
    • Filter which grok patterns should be tested (include/exclude)
  • Export grok patterns
  • Multiple different themes
    • Blue, Dark-Blue, DaynNight, FlipperZero, GhostTrain, Green, Greengage, GreyGhost, Hades, Harlequin, NightTrain, Oceanix, TestCard, TrojanBlue, Yellow
  • Dark and Light mode
  • Configuration file to save settings such as mode, theme, elasticsearch details

To Do:

  • Add client certificate option for ES communication

Themes

Theme previews (screenshots in the repository): TrojanBlue, Hades, GhostTrain, FlipperZero, Greengage

Settings file

A file called settings.json is created on first launch with the following settings; they are loaded on every start and may be edited. Note that the Elasticsearch API key (elastic_api_key_value) is kept in this file in readable form, so restrict the file's permissions to the user running Groppy.

{
    "mode": "Light",
    "theme": "GhostTrain",
    "elastic_host": "localhost",
    "elastic_port": "9200",
    "elastic_auth": false,
    "elastic_user": "",
    "elastic_api_key_is_used": true,
    "elastic_api_key_value": "UmVnZXhpbmcgaXMgZnVuIQ==",
    "elastic_cert_is_used": false,
    "elastic_cert_path": ""
}
