Telegraf grok parsing error



I set up telegraf to use some custom grok patterns. One of the pattern files is the standard logstash grok patterns. The documentation suggests that the logstash patterns will work however I have noticed an error in the telegraf.log as follows:

2019-03-08T16:05:24Z E! [inputs.tail]: Error in plugin: E! Malformed log line in /motescan/scannet03/log/ag_history.log: [[Mar 08 2019, 16:05:22.781: rdata] Remote uploader version: 2.1.3], Error: error parsing regexp: invalid or unsupported Perl syntax: (?>

The offending part of the grok statement appears to be ‘(?>’ which is an ‘atomic group’. The logstash grok statements use this.

Has anyone else encountered this issue?

I am running telegraf 1.10.0


It appears the google re2 syntax does not support atomic groups (they call it possessive match).


The telegraf doc is confusing on this issue. The built-in grok patterns reference the logstash NUMBER pattern and the example(s) provided ( suggest the NUMBER pattern should work. However, the NUMBER pattern uses both atomic groups and negative look-behind which google re2 does not support.

Has anyone used the NUMBER grok pattern with telegraf?


NUMBER works fine.
Telegraf uses this library


Thank you @virunephilosof. I found your grok patterns were baked into Telegraf. I suggested that the documentation should be updated to reflect this.