mmastrac
diff --git a/‎CHANGELOG.md‎
Lines changed: 19 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 5 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 58 additions & 13 deletions b/‎README.md‎
Lines changed: 58 additions & 13 deletions
diff --git a/‎benches/apache.rs‎
Lines changed: 8 additions & 8 deletions b/‎benches/apache.rs‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎benches/log.rs‎
Lines changed: 4 additions & 4 deletions b/‎benches/log.rs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎benches/pattern.rs‎
Lines changed: 36 additions & 0 deletions b/‎benches/pattern.rs‎
Lines changed: 36 additions & 0 deletions
@@ -4,6 +4,23 @@ All user visible changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/), as described
 for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/text/1105-api-evolution.md)
 
+## 2.3.0 - 2025-07-05
+
+ * Add support for `extract` in pattern definitions, allowing the `extract` in
+   `%{name:alias:extract}` to be retrieved from the pattern.
+ * Add `Pattern::pattern()` to `Matches` to get the pattern that was used to
+   match this `Matches` instance.
+ * Reduced the scope of inline pattern definitions to the current pattern only
+   (before 2.2.0 they were added globally, in 2.2.0 they were available to all
+   nested patterns, and in 2.3.0 they are only available to the current
+   pattern).
+ * `Grok::compile()` is now `&self` instead of `&mut self`.
+ * `Grok::with_default_patterns()` now uses `Cow` for the built-in patterns and
+   allocates significantly less per `Grok` instance (as well as being much
+   faster).
+ * Built-in patterns are available individually for reference in the new
+   `patterns` module.
+
 ## 2.2.0 - 2025-07-04
 
  * Rewrote the pattern parsing to avoid using regular expressions, making all
@@ -18,6 +35,8 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/
  * (breaking) `Matches::len()` was removed as it was previously reporting the
    pattern name count. Use `Matches::iter().count()` instead.
  * (breaking) `Matches::is_empty()` was removed. Use `Matches::iter().count() == 0` instead.
+ * (breaking) Inline pattern definitions are no longer added to the global
+   pattern list.
 
 ## 2.1.0 - 2025-05-29
 
 
@@ -1,6 +1,6 @@
 [package]
 name = "grok"
-version = "2.2.0"
+version = "2.3.0"
 authors = ["Matt Mastracci <[email protected]>", "Michael Nitschinger <[email protected]>"]
 license = "Apache-2.0"
 readme = "README.md"
@@ -55,3 +55,7 @@ harness = false
 [[bench]]
 name = "simple"
 harness = false
+
+[[bench]]
+name = "pattern"
+harness = false
@@ -1,22 +1,28 @@
 grok
 ====
 
-The `grok` library allows you to quickly parse and match potentially unstructured data into a structed result. It is especially helpful when parsing logfiles of all kinds. This [Rust](http://rust-lang.org) version is mainly a port from the [java version](https://github.com/thekrakken/java-grok) which in turn drew inspiration from the original [ruby version](https://github.com/logstash-plugins/logstash-filter-grok).
-
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Latest Version](https://img.shields.io/crates/v/grok.svg)](https://crates.io/crates/grok)
 [![Documentation](https://docs.rs/grok/badge.svg)](https://docs.rs/grok)
 ![Continuous Integration](https://github.com/mmastrac/grok/actions/workflows/ci.yml/badge.svg?branch=main)
 
+The `grok` library allows you to quickly parse and match potentially
+unstructured data into a structed result. It is especially helpful when parsing
+logfiles of all kinds. This [Rust](http://rust-lang.org) version is mainly a
+port from the [Java version](https://github.com/thekrakken/java-grok) which in
+turn drew inspiration from the original [Ruby
+version](https://github.com/logstash-plugins/logstash-filter-grok).
+
 ## Usage
 Add this to your `Cargo.toml`:
 
 ```toml
 [dependencies]
-grok = "2.0"
+grok = "2.3"
 ```
 
-Here is a simple example which stores a pattern, compiles it and then matches a line on it:
+Here is a simple example which stores a pattern, compiles it and then matches a
+line on it:
 
 ```rust
 use grok::Grok;
@@ -41,11 +47,50 @@ fn main() {
 }
 ```
 
-Note that compiling the pattern is an expensive operation, so very similar to plain regex handling the `compile`
-operation should be performed once and then the `match_against` method on the pattern can be called repeatedly
-in a loop or iterator. The returned pattern is not bound to the lifetime of the original grok instance so it can
-be passed freely around. For performance reasons the `Match` returned is bound to the pattern lifetime so keep
-them close together or clone/copy out the containing results as needed.
+Note that compiling the pattern is an expensive operation, so very similar to
+plain regex handling the `compile` operation should be performed once and then
+the `match_against` method on the pattern can be called repeatedly in a loop or
+iterator. The returned pattern is not bound to the lifetime of the original grok
+instance so it can be passed freely around. For performance reasons the `Match`
+returned is bound to the pattern lifetime so keep them close together or
+clone/copy out the containing results as needed.
+
+## Pattern Syntax
+
+A grok pattern is a standard regular expression string with grok pattern
+placeholders embedded in it.
+
+The grok pattern placeholders are of the form
+`%{name:alias:extract=definition}`, where `name` is the name of the pattern,
+`alias` is the alias of the pattern, `extract` is the extract of the pattern,
+and `definition` is the definition of the pattern.
+
+- `name` is the name of the pattern and is required. It may contain any
+alphanumeric character, or `_`.
+- `alias` is the alias of the pattern and is optional. It may contain any
+alphanumeric character, or any of `_-[].`. If extract is provided, `alias` may
+be empty.
+- `extract` is the extract of the pattern and is optional. It may contain any
+alphanumeric character, or any of `_-[].`.
+- `definition` is the definition of the pattern and is optional. It may contain
+any character other than `{` or `}`.
+
+A literal `%` character may appear in a grok pattern as long as it is not
+followed by `{`. You can surround the percent with grouped parentheses
+`(%){..}`, a non-capturing group `(?:%){..}`, or use the `\x25` escape
+sequence, ie: `\x25{..}`.
+
+For example, to match log messages like so:
+
+```text
+2016-09-19T18:19:00 [8.8.8.8:prd] DEBUG this is an example log message
+```
+
+... the following pattern could be used:
+
+```text
+%{TIMESTAMP_ISO8601:timestamp} \[%{IPV4:ip}:%{WORD:environment}\] %{LOGLEVEL:log_level} %{GREEDYDATA:message}
+```
 
 ## Further Information
 
@@ -59,31 +104,31 @@ The default engine is `onig` for compatibility with previous 2.x releases:
 
 ```toml
 [dependencies]
-grok = { version = "2.0", features = ["onig"] }
+grok = { version = "2.3", features = ["onig"] }
 ```
 
 The `pcre2` engine is a more complete Rust regex library supporting
 backtracking, JIT compilation and is the fastest engine for most use cases:
 
 ```toml
 [dependencies]
-grok = { version = "2.0", default-features = false, features = ["pcre2"] }
+grok = { version = "2.3", default-features = false, features = ["pcre2"] }
 ```
 
 The `fancy-regex` engine is a more complete Rust regex library supporting
 backtracking:
 
 ```toml
 [dependencies]
-grok = { version = "2.0", default-features = false, features = ["fancy-regex"] }
+grok = { version = "2.3", default-features = false, features = ["fancy-regex"] }
 ```
 
 The `regex` engine is supported, but it does not support backtracking, so many
 patterns are unusable. This is not recommended for most use cases:
 
 ```toml
 [dependencies]
-grok = { version = "2.0", default-features = false, features = ["regex"] }
+grok = { version = "2.3", default-features = false, features = ["regex"] }
 ```
 
 ## License
 
@@ -11,7 +11,7 @@ fn main() {
 fn r#match(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "GET /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)""#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}"#, false)
         .expect("Error while compiling!");
 
@@ -26,7 +26,7 @@ fn r#match(b: divan::Bencher) {
 fn no_match_start(b: divan::Bencher) {
     let msg = r#"tash-scale11x/css/fonts/Roboto-Regular.ttf HTTP/1.1" 200 41820 "http://semicomplete.com/presentations/logs"#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}"#, false)
         .expect("Error while compiling!");
 
@@ -41,7 +41,7 @@ fn no_match_start(b: divan::Bencher) {
 fn no_match_middle(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "111 /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)""#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}"#, false)
         .expect("Error while compiling!");
 
@@ -56,7 +56,7 @@ fn no_match_middle(b: divan::Bencher) {
 fn no_match_end(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "GET /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" 1"#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}"#, false)
         .expect("Error while compiling!");
 
@@ -71,7 +71,7 @@ fn no_match_end(b: divan::Bencher) {
 fn match_anchor(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "GET /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)""#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"^%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}$"#, false)
         .expect("Error while compiling!");
 
@@ -86,7 +86,7 @@ fn match_anchor(b: divan::Bencher) {
 fn no_match_start_anchor(b: divan::Bencher) {
     let msg = r#"tash-scale11x/css/fonts/Roboto-Regular.ttf HTTP/1.1" 200 41820 "http://semicomplete.com/presentations/logs"#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"^%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}$"#, false)
         .expect("Error while compiling!");
 
@@ -101,7 +101,7 @@ fn no_match_start_anchor(b: divan::Bencher) {
 fn no_match_middle_anchor(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "111 /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)""#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"^%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}$"#, false)
         .expect("Error while compiling!");
 
@@ -116,7 +116,7 @@ fn no_match_middle_anchor(b: divan::Bencher) {
 fn no_match_end_anchor(b: divan::Bencher) {
     let msg = r#"220.181.108.96 - - [13/Jun/2015:21:14:28 +0000] "GET /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" 1"#;
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r#"^%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} %{QS:referrer} %{QS:agent}$"#, false)
         .expect("Error while compiling!");
 
 
@@ -11,7 +11,7 @@ fn main() {
 fn r#match(b: divan::Bencher) {
     let msg = "2016-09-19T18:19:00 [8.8.8.8:prd] DEBUG this is an example log message";
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r"%{TIMESTAMP_ISO8601:timestamp} \[%{IPV4:ip}:%{WORD:environment}\] %{LOGLEVEL:log_level} %{GREEDYDATA:message}", false)
         .expect("Error while compiling!");
 
@@ -26,7 +26,7 @@ fn r#match(b: divan::Bencher) {
 fn no_match(b: divan::Bencher) {
     let msg = "2016-09-19T18:19:00 [8.8.8.8:prd] DEBUG this is an example log message";
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r"%{TIMESTAMP_ISO8601:timestamp} \[%{IPV4:ip};%{WORD:environment}\] %{LOGLEVEL:log_level} %{GREEDYDATA:message}", false)
         .expect("Error while compiling!");
 
@@ -41,7 +41,7 @@ fn no_match(b: divan::Bencher) {
 fn match_anchor(b: divan::Bencher) {
     let msg = "2016-09-19T18:19:00 [8.8.8.8:prd] DEBUG this is an example log message";
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r"^%{TIMESTAMP_ISO8601:timestamp} \[%{IPV4:ip}:%{WORD:environment}\] %{LOGLEVEL:log_level} %{GREEDYDATA:message}$", false)
         .expect("Error while compiling!");
 
@@ -56,7 +56,7 @@ fn match_anchor(b: divan::Bencher) {
 fn no_match_anchor(b: divan::Bencher) {
     let msg = "2016-09-19T18:19:00 [8.8.8.8;prd] DEBUG this is an example log message";
 
-    let mut grok = Grok::default();
+    let grok = Grok::default();
     let pattern = grok.compile(r"^%{TIMESTAMP_ISO8601:timestamp} \[%{IPV4:ip}:%{WORD:environment}\] %{LOGLEVEL:log_level} %{GREEDYDATA:message}$", false)
         .expect("Error while compiling!");
 
 
@@ -0,0 +1,36 @@
+#![allow(clippy::incompatible_msrv)]
+// ^need 1.66 for `black_box`
+
+use grok::Grok;
+
+fn main() {
+    divan::main();
+}
+
+#[divan::bench]
+fn create_with_default_patterns(b: divan::Bencher) {
+    let grok = Grok::with_default_patterns();
+    divan::black_box(grok);
+    b.bench(|| {
+        let grok = Grok::with_default_patterns();
+        divan::black_box(grok);
+    });
+}
+
+#[divan::bench]
+fn parse_complex_pattern(b: divan::Bencher) {
+    let grok = Grok::with_default_patterns();
+    b.bench(|| {
+        let pattern = grok.compile("%{BACULA_LOGLINE}", false).unwrap();
+        divan::black_box(pattern);
+    });
+}
+
+#[divan::bench]
+fn parse_complex_pattern_alias_only(b: divan::Bencher) {
+    let grok = Grok::with_default_patterns();
+    b.bench(|| {
+        let pattern = grok.compile("%{BACULA_LOGLINE}", true).unwrap();
+        divan::black_box(pattern);
+    });
+}