While creating some custom grok patterns for my Apache logs, I got bit by the fact that dashes are apparently not allowed in the semantic part of grok patterns. When a dash is used in a semantic identifier, it will be truncated at the first occurrence, which can lead to unwanted merging of fields into arrays.
The issue is not so much this behaviour in and of itself (which I'm sure is there for technical reasons), but rather that this doesn't seem to be mentioned anywhere on the 'grok' filter's documentation pages.
Output (somewhat prettified for readability):
Note that there is one field "request" containing both values, rather than two separate fields "request-size" and "request-duration".