According to the documentation, we can use Oniguruma regex pattern formats in the grok plugin (i.e. (?<field_name>the pattern here)).
Also, there's the patterns_dir configuration option that instructs the grok filter to load patterns from files.
However, the format of patterns in files should be NAME PATTERN (presumably in each line). But I need to save patterns in files like below:
Patterns.txt file:
(?<field_name>the pattern 1 here)
(?<field_name>the pattern 2 here)
And then use these patterns in a way that does the same thing as this configuration:
grok {
  match => {
    "message" => [
      "(?<field_name>the pattern 1 here)",
      "(?<field_name>the pattern 2 here)"
    ]
  }
}
So that the message field is being tested against multiple Oniguruma patterns, that are loaded from an external pattern file.
How would it be possible?
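One way to get this behaviour within the NAME PATTERN file format, shown as an added example that is not part of the original question: give each Oniguruma expression a name in the pattern file and reference the names from `match`. The names `PATTERN_ONE` and `PATTERN_TWO` and the path `/etc/logstash/patterns` are hypothetical, and the example assumes that a named group inside a referenced pattern still populates `field_name`.

```logstash
# Contents of /etc/logstash/patterns/custom (hypothetical path and file name),
# one "NAME PATTERN" entry per line. The names are hypothetical; each body is
# the Oniguruma expression from the question, unchanged:
#
#   PATTERN_ONE (?<field_name>the pattern 1 here)
#   PATTERN_TWO (?<field_name>the pattern 2 here)

filter {
  grok {
    # Directory that holds the pattern file described above
    patterns_dir => ["/etc/logstash/patterns"]

    # Reference each loaded pattern by name; they are tried in order
    match => {
      "message" => [
        "%{PATTERN_ONE}",
        "%{PATTERN_TWO}"
      ]
    }

    # Default value, shown explicitly: stop at the first pattern that matches
    break_on_match => true
  }
}
```

Events that match neither pattern are tagged `_grokparsefailure` by default, which is worth routing to a separate output so unparsed log lines are not silently lost.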