I've got a feasibility question.
I am using Logstash to parse docs. On a specific field of those docs, I want to match against a set of rules defined in a grok patterns file.
My file would look like:
RULE1 (regex1)
RULE2 (regex2)
RULE3 (regex3)
So, basically:
If field1 matches RULE1 in the grok pattern file, add a new field called newfield with a value of "RULE1",
or if field1 matches RULE2, add a new field called newfield with a value of "RULE2".
Is that even possible? To iterate over the pattern file and stop on match?
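
One way to get the first-match-wins labelling described above, as an added example that is not part of the original post: a chain of grok filters, one per rule, where each later filter runs only if `newfield` is still unset. The patterns directory path is a placeholder, and the rules are listed explicitly in the pipeline rather than iterated from the file.

```logstash
filter {
  # RULE1, RULE2, RULE3 are the names defined in the patterns file.
  # "/path/to/patterns" is a placeholder for the directory holding that file.
  grok {
    patterns_dir   => ["/path/to/patterns"]
    match          => { "field1" => "%{RULE1}" }
    # add_field is applied only when this grok matches.
    add_field      => { "newfield" => "RULE1" }
    # Do not tag the event with _grokparsefailure when this rule misses.
    tag_on_failure => []
  }

  # Evaluate the next rule only if no earlier rule has labelled the event.
  if ![newfield] {
    grok {
      patterns_dir   => ["/path/to/patterns"]
      match          => { "field1" => "%{RULE2}" }
      add_field      => { "newfield" => "RULE2" }
      tag_on_failure => []
    }
  }

  if ![newfield] {
    grok {
      patterns_dir   => ["/path/to/patterns"]
      match          => { "field1" => "%{RULE3}" }
      add_field      => { "newfield" => "RULE3" }
      # Last rule in the chain: tag events that matched none of the rules
      # so they can be reviewed (constructed tag name).
      tag_on_failure => ["_no_rule_matched"]
    }
  }
}
```

Rule order in the pipeline decides which label wins when a value would match more than one rule.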