WarpParse - High-Performance ETL Engine

Core Features

specialized for high-performance log processing and dataTransformdesign

F

Ultimate Throughput

in many scenariosComprehensively surpass in performance Vector, provides industry-leading log processing capability, meet high throughput scenario requirements.

W

Easy Rule Writing

WPL (parsing DSL) + OML (transform DSL), far more readable than regex and Lua, makes rule writing simpler.

C

Unified Connectors

Based on wp-connector-api, easy for community ecosystem extension, supports multiple data sources and output targets.

O

DevOps Friendly

Single binary deployment with configuration-based management; provides wproj, wpgen, wprescue toolkits to simplify DevOps work.

D

Knowledge Transformation

Support SQL queries through in-memory database to enrich data and make it more valuable.

R

Data Routing

Route data based on rules and transform models, support multi-path copy and filters, flexibly control data flow direction.

Throughput Performance Comparison

WarpParse vs Vector Benchmark Results (AWS EC2 / Ubuntu 24.04 / 8 vCPU / 16 GiB RAM)

3.4x

Parse Performance Boost

Mixed Log Parse Only

2.8x

Parse+Transform Performance Boost

Mixed Log Parse+Transform

81W

EPS Peak Throughput

Nginx File→BlackHole

380 MiB/s

MPS Peak

APT File→BlackHole

Nginx Access Log (239B) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

810,100

Vector-VRL

211,250

Vector-Fixed

170,666

Logstash

106,382

3.83x WarpParse Faster

TCP → BlackHole

WarpParse

765,800

Vector-VRL

492,200

Vector-Fixed

255,500

Logstash

161,290

1.56x WarpParse Faster

AWS ELB Log (411B) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

398,800

Vector-VRL

141,600

Vector-Fixed

161,944

Logstash

87,719

2.82x WarpParse Faster

TCP → BlackHole

WarpParse

369,900

Vector-VRL

148,400

Vector-Fixed

176,600

Logstash

125,000

2.49x WarpParse Faster

Sysmon JSON Log (1K) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

153,000

Vector

38,196

Logstash

48,076

4.01x WarpParse Faster

TCP → BlackHole

WarpParse

149,800

Vector

47,000

Logstash

54,347

3.19x WarpParse Faster

APT Threat Log (3K) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

129,700

Vector

16,901

Logstash

9,009

7.67x WarpParse Faster

TCP → BlackHole

WarpParse

129,600

Vector

18,900

Logstash

10,183

6.86x WarpParse Faster

Mixed Log (867B avg) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

270,000

Vector-VRL

80,555

Vector-Fixed

74,418

Logstash

34,482

3.35x WarpParse Faster

TCP → BlackHole

WarpParse

259,900

Vector-VRL

86,800

Vector-Fixed

78,200

Logstash

43,103

2.99x WarpParse Faster

Nginx Access Log (239B) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

656,800

Vector-VRL

201,000

Vector-Fixed

162,800

Logstash

104,166

3.27x WarpParse Faster

TCP → BlackHole

WarpParse

524,800

Vector-VRL

392,200

Vector-Fixed

237,300

Logstash

156,250

1.34x WarpParse Faster

AWS ELB Log (411B) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

275,900

Vector-VRL

124,333

Vector-Fixed

145,900

Logstash

84,033

2.22x WarpParse Faster

TCP → BlackHole

WarpParse

259,900

Vector-VRL

130,600

Vector-Fixed

157,200

Logstash

121,951

1.99x WarpParse Faster

Sysmon JSON Log (1K) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

129,400

Vector

35,862

Logstash

34,883

3.61x WarpParse Faster

TCP → BlackHole

WarpParse

120,000

Vector

45,500

Logstash

38,961

2.64x WarpParse Faster

APT Threat Log (3K) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

123,100

Vector

16,093

Logstash

7,633

7.65x WarpParse Faster

TCP → BlackHole

WarpParse

114,200

Vector

18,600

Logstash

9,852

6.14x WarpParse Faster

Mixed Log (867B avg) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

221,300

Vector-VRL

78,965

Vector-Fixed

72,254

Logstash

33,333

2.80x WarpParse Faster

TCP → BlackHole

WarpParse

209,900

Vector-VRL

83,600

Vector-Fixed

77,300

Logstash

41,666

2.51x WarpParse Faster

P

Ultimate Performance

In Linux mixed log scenarios, provides 3.4x parse performance advantage, File and TCP reception link performance stands out.

R

Resource-Constrained Environments

Peak CPU is higher, but total CPU time required for equivalent data volume is less.

E

Edge/Agent Deployment

Small rule files for quick hot updates; strong single-machine processing capability reducing central pressure.

View Full Performance Report →

Fixed Rate Resource Comparison

CPU and Memory Comparison at 20,000 EPS Fixed Rate (AWS EC2 / Ubuntu 24.04 / Mixed Log / TCP → BlackHole)

Test Description: All engines run at the same 20,000 EPS throughput, testing Mixed Log scenario (average log size 867B), comparing CPU and memory resource consumption. Data collected after Logstash warmup.

CPU Usage Comparison

Average / Peak (%)

WarpParse: 54% / 56%

Vector-VRL: 173% / 180%

Vector-Fixed: 171% / 177%

Logstash: 276% / 396%

Memory Usage Comparison

Average / Peak (MB)

WarpParse: 60 MB / 66 MB

Vector-VRL: 162 MB / 166 MB

Vector-Fixed: 128 MB / 134 MB

Logstash: 1190 MB / 1223 MB

⚡

Ultra Low CPU Usage

54% Average CPU

Reduced compared to Vector-VRL by 68.8%，Reduced compared to Logstash by 80.4%

💾

Ultra Low Memory Usage

60 MB Average Memory

Reduced compared to Vector-VRL by 63.0%，Reduced compared to Logstash by 95.0%

📊

Resource Efficiency Advantage

At the same throughput, WarpParse resource consumption is far lower than other engines, very suitable for resource-constrained edge environments and large-scale deployment scenarios.

View Full Performance Report →

Mac Throughput Performance Comparison

WarpParse vs Vector-VRL vs Vector-Fixed vs Logstash (Mac M4 Mini / 10C / 16G RAM)

4.0x

Parse Performance Boost

Mixed Log Parse Only

3.5x

Parse+Transform Performance Boost

Mixed Log Parse+Transform

278.9W

EPS Peak Throughput

Nginx File→BlackHole

1109 MiB/s

MPS Peak

APT File→BlackHole

Nginx Access Log (239B) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

2,789,800

Vector-VRL

572,076

Vector-Fixed

513,181

Logstash

270,270

4.88x WarpParse Faster

TCP → BlackHole

WarpParse

1,657,500

Vector-VRL

1,163,700

Vector-Fixed

730,700

Logstash

541,403

1.42x WarpParse Faster

TCP → File

WarpParse

789,000

Vector-VRL

89,900

Vector-Fixed

92,300

Logstash

507,975

8.78x WarpParse Faster

AWS ELB Log (411B) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

1,124,500

Vector-VRL

389,000

Vector-Fixed

491,739

Logstash

208,333

2.89x WarpParse Faster

TCP → BlackHole

WarpParse

947,300

Vector-VRL

394,600

Vector-Fixed

555,500

Logstash

425,531

2.40x WarpParse Faster

TCP → File

WarpParse

349,700

Vector-VRL

84,700

Vector-Fixed

86,900

Logstash

350,877

4.12x WarpParse Faster

Sysmon JSON Log (1K) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

542,200

Vector-VRL

160,400

Vector-Fixed

94,285

Logstash

119,047

3.38x WarpParse Faster

TCP → BlackHole

WarpParse

448,900

Vector-VRL

232,900

Vector-Fixed

134,400

Logstash

183,486

1.93x WarpParse Faster

TCP → File

WarpParse

279,800

Vector-VRL

75,800

Vector-Fixed

67,300

Logstash

152,671

3.69x WarpParse Faster

APT Threat Log (3K) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

328,000

Vector-VRL

37,777

Vector-Fixed

37,857

Logstash

29,940

8.68x WarpParse Faster

TCP → BlackHole

WarpParse

299,700

Vector-VRL

51,000

Vector-Fixed

51,500

Logstash

31,446

5.88x WarpParse Faster

TCP → File

WarpParse

99,900

Vector-VRL

37,200

Vector-Fixed

38,200

Logstash

30,120

2.69x WarpParse Faster

Mixed Log (867B avg) - Parse Capability

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

768,800

Vector-VRL

191,707

Vector-Fixed

200,000

Logstash

119,047

4.01x WarpParse Faster

TCP → BlackHole

WarpParse

623,200

Vector-VRL

221,200

Vector-Fixed

204,300

Logstash

144,927

2.82x WarpParse Faster

TCP → File

WarpParse

318,100

Vector-VRL

75,600

Vector-Fixed

75,000

Logstash

136,986

4.21x WarpParse Faster

Nginx Access Log (239B) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

2,162,500

Vector-VRL

572,941

Vector-Fixed

482,000

Logstash

227,272

3.77x WarpParse Faster

TCP → BlackHole

WarpParse

1,382,800

Vector-VRL

1,024,300

Vector-Fixed

595,800

Logstash

357,142

1.35x WarpParse Faster

TCP → File

WarpParse

788,900

Vector-VRL

93,500

Vector-Fixed

87,500

Logstash

344,827

8.44x WarpParse Faster

AWS ELB Log (411B) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

913,300

Vector-VRL

345,500

Vector-Fixed

446,111

Logstash

147,058

2.64x WarpParse Faster

TCP → BlackHole

WarpParse

757,600

Vector-VRL

370,900

Vector-Fixed

481,700

Logstash

222,222

2.04x WarpParse Faster

TCP → File

WarpParse

319,900

Vector-VRL

82,700

Vector-Fixed

83,600

Logstash

200,000

3.87x WarpParse Faster

Sysmon JSON Log (1K) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

432,200

Vector-VRL

142,857

Vector-Fixed

86,600

Logstash

97,087

3.03x WarpParse Faster

TCP → BlackHole

WarpParse

386,800

Vector-VRL

216,100

Vector-Fixed

130,800

Logstash

113,636

1.79x WarpParse Faster

TCP → File

WarpParse

239,000

Vector-VRL

76,600

Vector-Fixed

68,100

Logstash

109,890

3.12x WarpParse Faster

APT Threat Log (3K) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

299,400

Vector-VRL

36,857

Vector-Fixed

37,222

Logstash

26,315

8.12x WarpParse Faster

TCP → BlackHole

WarpParse

279,700

Vector-VRL

52,000

Vector-Fixed

51,000

Logstash

27,027

5.38x WarpParse Faster

TCP → File

WarpParse

89,900

Vector-VRL

37,300

Vector-Fixed

37,000

Logstash

25,641

2.41x WarpParse Faster

Mixed Log (867B avg) - parsing+Transform

EPS (Events Per Second) Comparison

File → BlackHole

WarpParse

659,700

Vector-VRL

186,857

Vector-Fixed

175,769

Logstash

103,092

3.53x WarpParse Faster

TCP → BlackHole

WarpParse

574,500

Vector-VRL

215,000

Vector-Fixed

199,300

Logstash

114,942

2.67x WarpParse Faster

TCP → File

WarpParse

299,900

Vector-VRL

74,800

Vector-Fixed

70,900

Logstash

107,526

4.01x WarpParse Faster

P

Ultimate Performance

Provides 1.4-8.8x performance advantage on Mac M4 platform.

R

Resource-Constrained Environments

Peak CPU is higher, but total CPU time required for equivalent data volume is less.

E

Edge/Agent Deployment

Small rule files for quick hot updates; strong single-machine processing capability reducing central pressure.

View Full Performance Report →

WPL - Warp Parse Language

Industrial-grade data governance with strongly-typed parsing DSL, more precise and efficient than regular expressions

More Concise

Complete more complex parsing tasks with less code, intuitive and readable syntax.

Stronger Control

Built-in alt (alternative fallback), opt (optional matching), some_of (loop detection) and other meta-information, providing far superior fault tolerance than regex.

Integrated Pipeline

Integrate cleaning and parsing in a single expression, supports preprocessing like decode/base64, unquote/unescape, decode/hex.

Example: JSON-wrapped Nginx Log

{"date":1767006286.778936,"log":"180.57.30.149 - - [21/Jan/2025:01:40:02 +0800] \"GET /nginx-logo.png HTTP/1.1\" 500 368 \"http://207.131.38.110/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36\" \"-\""}

WPL 162 characters

VRL 419 characters

Logstash 470 characters

                            WPL162 chars
                        

                            rule nginx { (
    json | take(log) | json_unescape() | (
        ip:sip,
        2*_,
        time:recv_time<[,]>,
        http/request",
        http/status,
        digit,
        chars",
        http/agent",
        _"
    )
) }
                        

                            VRL (Vector)419 chars
                        

                            obj = parse_json!(string!(.message))
. = object!(obj)

.|= parse_regex!(
  string!(.log),
  r'^(?P<sip>\S+)\s+\S+\s+\S+\s+\[(?P<recv_time>\d{2}\/[A-Za-z]{3}\/\d{4}:\d{2}:\d{2}:\d{2})\s+[+\-]\d{4}\]\s+"(?P<http_request>[^"]*)"\s+(?P<status>\d{3})\s+(?P<digit>\d+)\s+"(?P<chars>[^"]*)"\s+"(?P<http_agent>[^"]*)"\s+"[^"]*"\s*$'
)
.status = to_int!(.status)
.digit = to_int!(.digit)
del(.log)
del(.message)
                        

                            Logstash470 chars
                        

                            filter {
  json {
    source => "message"
  }

  dissect {
    mapping => {
      "log" => '%{sip} - - [%{recv_time} %{+recv_time}] "%{http_request}" %{status} %{digit} "%{chars}" "%{http_agent}" "%{ignore_tail}"'
    }
    tag_on_failure => ["nginx_dissect_failure"]
  }

  mutate {
    convert => {
      "status" => "integer"
      "digit"  => "integer"
    }
  }

  mutate {
    remove_field => ["log", "message", "ignore_tail","@timestamp","@version","event"]
  }
}
                        

OML - Object Modeling Language

Declarative syntax, automatically reorganize data fields into complex structured business models

Declarative Modeling

Describe what you want, not how to do it. Simply define the final output data structure without writing low-level processing logic.

Precise Data Processing

read (non-destructive read) and take (destructive read) modes, support strong-type safety and automatic inference.

SQL Integration

Native SQL integration, directly query database for data enrichment when building objects.

                            OMLDeclarative
                        

                            size : digit = take(size);
status : digit = take(status);
match_chars = match read(option:[wp_src_ip]) {
    ip(127.0.0.1) => chars(localhost);
    !ip(127.0.0.1) => chars(attack_ip);
};
str_status = match read(option:[status]) {
    digit(500) => chars(Internal Server Error);
    digit(404) => chars(Not Found);
};
* : auto = read();
                        

                            VRL (Vector)Imperative
                        

                            .status = to_int!(parsed.status)
.size = to_int!(parsed.size)
if .host == "127.0.0.1" {
    .match_chars = "localhost"
} else if .host != "127.0.0.1" {
    .match_chars = "attack_ip"
}
if .status == 500 {
    .str_status = "Internal Server Error"
} else if .status == 404 {
    .str_status = "Not Found"
}
                        

WpEditor

Used for writing WPL parsing and OML transform rules

WPL Parsing Rule Editor

OML Transform Rule Editor

Try Online Download WpEditor

ConnectorsEcosystem

Based on wp-connector-api, support multiple data sources and output targets

K

Kafka

M

MySQL

E

Elasticsearch

V

VictoriaMetrics

L

VictoriaLog

D

Doris

+

More Coming Soon...

Get Started with WarpParse

Experience the power of high-performance ETL engine right now

Download Documentation GitHub

WarpParse Lightning Fast Yet So Lightweight

Core Features

Ultimate Throughput

Easy Rule Writing

Unified Connectors

DevOps Friendly

Knowledge Transformation

Data Routing

Throughput Performance Comparison

Nginx Access Log (239B) - Parse Capability

AWS ELB Log (411B) - Parse Capability

Sysmon JSON Log (1K) - Parse Capability

APT Threat Log (3K) - Parse Capability

Mixed Log (867B avg) - Parse Capability

Nginx Access Log (239B) - parsing+Transform

AWS ELB Log (411B) - parsing+Transform

Sysmon JSON Log (1K) - parsing+Transform

APT Threat Log (3K) - parsing+Transform

Mixed Log (867B avg) - parsing+Transform

Ultimate Performance

Resource-Constrained Environments

Edge/Agent Deployment

Fixed Rate Resource Comparison

CPU Usage Comparison

Memory Usage Comparison

Ultra Low CPU Usage

Ultra Low Memory Usage

Resource Efficiency Advantage

Mac Throughput Performance Comparison

Nginx Access Log (239B) - Parse Capability

AWS ELB Log (411B) - Parse Capability

Sysmon JSON Log (1K) - Parse Capability

APT Threat Log (3K) - Parse Capability

Mixed Log (867B avg) - Parse Capability

Nginx Access Log (239B) - parsing+Transform

AWS ELB Log (411B) - parsing+Transform

Sysmon JSON Log (1K) - parsing+Transform

APT Threat Log (3K) - parsing+Transform

Mixed Log (867B avg) - parsing+Transform

Ultimate Performance

Resource-Constrained Environments

Edge/Agent Deployment

WPL - Warp Parse Language

More Concise

Stronger Control

Integrated Pipeline

OML - Object Modeling Language

Declarative Modeling

Precise Data Processing

SQL Integration

WpEditor

ConnectorsEcosystem

Get Started with WarpParse