Documentation #4658
open
Add/improve documentation for pcre substring capture logging
Description
Currently, if a user wants to log a matching string from a rule that uses `pcre`, there isn't much documentation to help them understand how they can do that.
Our documentation has:
https://suricata.readthedocs.io/en/suricata-6.0.3/rules/payload-keywords.html#pcre-perl-compatible-regular-expressions
And some `suricata-verify` tests could provide some examples:
https://github.com/OISF/suricata-verify/blob/master/tests/eve-metadata/test.rules
And others in the eve-metadata-* dirs.
But we could have all that better documented.
(image offers context from ad hoc support offered in our IRC chat)