chapter eleven
11 Optimizing for regular expressions at scale
This chapter covers:
- Where regular expressions are used in telemetry.
- Optimizing your regular expression usage.
- Changing your emissions to speed up regular expressions.
The best way to optimize regular expressions (regexes) at scale is to not use regular expressions at all. However, the telemetry tooling we available sometimes doesn’t give us the option of avoiding regular expressions, and we have to deal with them anyway. This chapter is about making the regexes you must use perform the best they can. Much like programming, regexes are used for two reasons in a telemetry pipeline:
- Control program flow. If a string matches a regex, do something, such as attempt parsing a certain way.
- Extract fields from strings. Using regex capture expressions to add fields to telemetry being processed, known as enrichment (see chapter 6 for more on enrichment in general).