Skip to content

Synopsis [options]


Develop, test and run your PunchPlatform punchlets.


  • -c,--code <arg>

    • Use an inline punchlet code
  • -g,--grok <arg>

    • Change default grok-pattern resources directory (resource/punch/pattern)
  • -h,--help

    • Print help and usage
  • -i,--input-fields <arg>

    • Use another input fields key (e.g. [logs][others])
  • -I,--input-file <arg>

    • Read log samples from a file
  • -it,--interactive

    • Interactive mode, the punchlet will wait for stdin inputs
  • -j,--json-input

    • Give a json formatted string as root input to the punchlet
  • -o,--output-fields <arg>

    • Use another output fields key (e.g. [a][b])
  • -O,--output-file <arg>

    • Write your output to this file
  • -p,--punchlet <arg>

    • Punchlet file (.punch)
  • -q,--quiet

    • Quiet mode, root tuple will not be printed out
  • -r,--resource <arg>

    • Punchlet resource file, .json file or directory
  • -t,--run-unit-test <arg>

    • Run a unit test
  • -tk,--tick <arg>

    • Processing tick frequency in milliseconds
  • -u,--create-unit-test <arg>

    • Generate unit test files


Interactive mode, the puncher will wait for user input and output the result for each new line:

$ -it -c '{[a][b] = "test";}'

Compile multiple punchlets and use [logs][data] as input field:

$ -i [logs][data] -p p1.punch -p p2.punch

Use a json as punchlet(s) input. It allows more complex inputs based on multiple fields:

$ -j '{"logs":{"data":"My log"}}' -p p1.punch

Quiet mode, do not output the final root tuple:

$ -q -c '{[test] = "test"}'

The Puncher can read input from stdin. Feel free to pipe it your sample inputs:

$ echo "my log" | -c '{;}'
$ -c '{;}' <<< "my log"
$ cat log_sample.txt | -p p1.punch
$ -p p1.punch < log_sample.txt

Set input and output files:

$ -I log_sample.txt -O dir/output.txt -p p1.txt

Limit the speed processing using a frequency tick. Here, input logs will be processed every 2 seconds (value in milliseconds):

$ -I log_sample.txt -p p1.punch -tk 2000

Test grok or dissect pattern -gi "AAA000DDDD" -gp "(?<queue_id>[0-9A-F]{10,11})" -di 'hello world' -dp '%{a} %{b}'

See also