It would be great if Zabbix internal regexp functions understands grok patterns. Best if it loads patterns from external file/dir during startup or extension of today regular expressions.

Grok patterns are well-known patterns which can help with searching and replacing common type of information: https://github.com/logstash-plugins/.../grok-patterns
Grok pattern needs to be "compiled" during saving, from this point it is normal regular expression.

For example, it is very easy to parse syslog file using this pattern than write everything as more expression strings. And this could be very helpful.
This could bring next level of security monitoring for Zabbix. In combination with log file processing, preprocessing and event correlation, this could be very strong tool.

Today, security template for parsing complex log files is hard to create and even harder to read regexp.

Easy syslog parsing with similar rule:
Code:
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
Instead of manualy entering expressions for each GROK pattern.

Similar, regular expression replace function can use GROK patterns so names of variables can be used as replacement.

For example, iregsub can be used as:

iregsub

iregsub("SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}", "\timestamp, \logsource")

()