I think I did not state my problem right.
We do use grok patterns to extract messages and store them in Elastic.
For example my application logs something like:
"Saved record with id: 1234"
"Saved record with id: 9870"
"Saved record with id: 4523"
It also logs:
"Error: connection timeout"
"Error: database restarted"
So I have all these logs.
What SUMO and Splunk offer is a way to extract these patterns from the messages and give a tabular output, something to the following effect:
Message pattern            Frequency
Saved record with id: <>   80%
Error: connection timeout  10%
Error: database restarted  10%
If this can be achieved using grok patterns, I would be interested to understand it.
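The "message pattern / frequency" report described in the post, as an added example that is not from the original thread or from any of the tools named: it collapses variable-looking tokens (integers, hex ids, IPv4 addresses) to `<>` so that messages differing only in those values share one template, then counts templates over constructed sample lines. Grok itself only parses shapes you already know; this is the template-discovery step that LogReduce-style features perform before any parsing.

```python
"""Added example (not from the original post or from Elastic/Sumo/Splunk):
normalise log messages into templates, then report each template's share.
Real products use fuzzier token clustering; this shows the core
normalise-then-count step over constructed sample input."""
import re
from collections import Counter

# Constructed sample log lines in the post's 8:1:1 proportions.
SAMPLE_LOGS = [
    "Saved record with id: 1234",
    "Saved record with id: 9870",
    "Saved record with id: 4523",
    "Saved record with id: 77",
    "Saved record with id: 8810",
    "Saved record with id: 3",
    "Saved record with id: 65001",
    "Saved record with id: 42",
    "Error: connection timeout",
    "Error: database restarted",
]

# Order matters: more specific token classes run before the plain-integer rule.
_VARIABLE_TOKENS = [
    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),  # IPv4 address
    re.compile(r"\b0x[0-9a-fA-F]+\b"),          # hex literal
    re.compile(r"\b[0-9a-fA-F]{8,}\b"),         # long hex id (hash / uuid chunk)
    re.compile(r"\b\d+\b"),                     # plain integer
]

def to_template(message: str) -> str:
    """Replace variable-looking tokens with '<>' placeholders; keep the rest verbatim."""
    for pattern in _VARIABLE_TOKENS:
        message = pattern.sub("<>", message)
    return message

def pattern_frequencies(lines):
    """Return [(template, count, percent)] sorted by descending count."""
    counts = Counter(to_template(line.strip()) for line in lines if line.strip())
    total = sum(counts.values())
    return [(tmpl, n, 100.0 * n / total) for tmpl, n in counts.most_common()]

def format_report(rows):
    """Render the rows as the two-column text table shown in the post."""
    width = max(len(t) for t, _, _ in rows)
    header = f"{'Message pattern':<{width}}  Frequency"
    body = [f"{t:<{width}}  {p:4.0f}%" for t, _, p in rows]
    return "\n".join([header, *body])

if __name__ == "__main__":
    print(format_report(pattern_frequencies(SAMPLE_LOGS)))
```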