When monitoring a log file one often wants to get an event when a certain condition is met.
Currently every line that should be taken into consideration for generating an event needs to be send to the server first.
This is not only inefficient in terms of data transfer and storage, it may also lead to kill every Zabbix server/database regardless of it's backing.
Limiting the lines per second does not help in every case since even one line per second might be to much and/or it might be necessary to parse tens of thousands lines per second.
What I think of is the possibility to configure a kind of active log item on agent level.
These items might send a possibly configurable value (subexpressions?) when a specific patterns is matched.
This value could then be used to trigger an event based on parsing an enormous amount of data without sending them to the server.