Regex as packet matching logic


#1

I'm new to packetbeats so not sure what's supported today. I'd like to build regular expressions as a means to match packets. So think of the types of expressions one can build in wireshark -- eg match on TCP traffic, port foo from prefix bar/20. I'm not looking for packetbeats to do any sort of decode on the packet matches-- just pump counts north to logstash/elastic.

I'd also like to match on non-IP ethernet frames-- no need for decode logic, just punt counts north to logstash/elastic.

Is the above supported today in packetbeats? If so, a pointer to a doc which shows a regex example?

If possible in packetbeats but requires development, could you point me to where I'd need to connect into the packetbeat code to extend it to support the regex model?

Thanks


(Steffen Siering) #2

packetbeat is mostly about pushing data to elasticsearch for inspection e.g. via kibana. packetbeat master branch recently got support for bidirectional flows. See [pull request](https://github.com/elastic/beats/pull/756) and github discussion.

You can disable all application layer analyzers and configure your own BPF filter used when sniffing packets to get some raw data only. Additional filtering can be done in Logstash/Elasticsearch/Kibana.
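The setup described in the reply, as an added configuration example (not from the thread or from the Packetbeat project): BPF does the packet matching the question wanted regexes for, flows supply the counts, and no application-layer analyzer decodes anything. Key names follow the `packetbeat.*` layout of current Packetbeat releases; the subnet, port and Logstash host are constructed placeholders.

```yaml
# packetbeat.yml (added example). Values marked "constructed" are placeholders.
packetbeat.interfaces.device: any

# The BPF expression is the matching rule: TCP to port 443 from the
# 10.1.16.0/20 prefix (constructed values, mirroring "port foo from prefix bar/20").
packetbeat.interfaces.bpf_filter: "tcp and src net 10.1.16.0/20 and dst port 443"
# For the non-IP ethernet frame case, swap in a filter such as:
# packetbeat.interfaces.bpf_filter: "not ip and not ip6"

# Flows produce per-flow byte/packet counts without decoding payloads.
packetbeat.flows:
  timeout: 30s
  period: 10s

# Disable every application-layer analyzer; repeat for each entry that
# appears in the default packetbeat.yml so nothing is decoded.
packetbeat.protocols:
  - type: http
    enabled: false
  - type: dns
    enabled: false
  - type: tls
    enabled: false

# Ship the flow records to Logstash (constructed host).
output.logstash:
  hosts: ["logstash.example.internal:5044"]
```

Check the expression with tcpdump on the same interface before deploying it (`tcpdump -i any -n "tcp and src net 10.1.16.0/20 and dst port 443"`), since Packetbeat and tcpdump use the same BPF syntax and a typo there silently matches nothing.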
