Tags: elasticsearch, logstash, logstash-grok, logstash-configuration, logstash-filter

Logstash - Does Dissect’s mapping support multiple match?


As my logs have multiple patterns, I need to use multiple dissect patterns so that if one pattern fails to recognize the log, the other can capture it. The following pseudo configuration works:

"message" => "pattern1"

Or

"message" => "pattern2"

But the following configuration is not working:

"message" => ["pattern1", "pattern2"]

Does dissect support these kinds of match?


Solution

  • No, dissect only supports one mapping for each field.

    If your log has multiple patterns, you will need to use grok, which supports multiple matching patterns.

    Depending on how your log messages look, you can use a combination of conditionals to filter your messages and send each one to a matching dissect, or combine grok and dissect to parse the common parts of your message.

    You can also filter by the _dissectfailure tag: if your second pattern doesn't match the dissect, it will receive this tag, and then you can apply a matching dissect.
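The fallback the answer describes, written out as a pipeline filter block. This is an added example, not part of the original answer; the two dissect patterns and the line shapes they assume (constructed: `2024-01-01T00:00:00Z [ERROR] disk full` versus `ERROR disk full`) are illustrative, and the `_dissectfailure` tag is the dissect filter's default `tag_on_failure` value.

```logstash
filter {
  # First attempt: the more specific pattern. Dissect needs the literal
  # delimiters (" [", "] ") to appear in order; if they do not, the event
  # is tagged "_dissectfailure" instead of being partially filled in.
  dissect {
    mapping => { "message" => "%{timestamp} [%{level}] %{msg}" }
  }

  # Second attempt, only for events the first dissect could not parse.
  # The tag is cleared first so that a failure here is distinguishable
  # from a failure of the first dissect.
  if "_dissectfailure" in [tags] {
    mutate {
      remove_tag => ["_dissectfailure"]
    }
    dissect {
      mapping => { "message" => "%{level} %{msg}" }
    }
  }

  # Anything still tagged here matched neither pattern. Flag it explicitly
  # so unparsed events are visible (a detection rule keyed on [level]
  # would otherwise silently never see them) rather than indexed as-is.
  if "_dissectfailure" in [tags] {
    mutate {
      add_tag => ["parse_failed"]
    }
  }
}
```

Because `%{msg}` is the last field it absorbs the rest of the line, so put the pattern with the most literal delimiters first; a loose pattern such as `%{level} %{msg}` placed first would "match" almost any line and the fallback would never run.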