There's a regexes array field in the event that contains some regexes:
"regexes" => [
[0] "regex1",
[1] "regex2",
[2] "regex3"
]
As this field's content get filled dynamically, I need to use the grok filter plugin the way it uses the regexes inside this field as its patterns. Something like this:
grok {
match => {
"message" => "%{[regexes]}"
}
}
But despite other filter plugins, grok parses %{TEXT} as a pattern, not a field reference format (sprintf format). So it doesn't replace the content of regexes field in "message" => "%{[regexes]}" string and gives the error:
Pipeline error {:pipeline_id=>"main", :exception=>#<Grok::PatternError: pattern %{[regexes]} not defined>
Also, another challenge would be to feed the content of regexes field as an array to the grok plugin, so it evaluates that like this:
grok {
match => {
"message" => [
"regex1",
"regex2",
"regex3"
]
}
}