Although it's possible to do most config in a single grok block with multiple pattern, in some cases (syslog parsing for example) it would be easier to do it in multiple blocks so each affected events can be tagged appropriately.
For this reason, it would be really useful to have the option to disable grok's addition of the _grokparsefailure tag on unsuccessful parsing.
Thank in advance
Yes, it would be very useful to categorize and add a specific tag to messages coming from the same source type (syslog is an example). At the moment, we can do it using multiple grok filters, but it adds a lot of "_grokparsefailure" tags. These tags should only be related to errors or failures.