logstash.conf

###############################################################################
# Logstash.conf
# Defines the GROK filters for Convertigo logs.
###############################################################################
input {
  beats {
    port  => 5044
  }
}

filter {
    grok {
        match => { "message" => [
          "!%{DATA:c8o.module}\| %{TIMESTAMP_ISO8601:c8o.logdate} \| %{DATA:c8o.loglevel} \| %{DATA:c8o.thread} \| \$clientip=%{IP:c8o.clientip} \| \$connector=%{WORD:c8o.connector} \| \$contextid=%{DATA:c8o.contextid} \| \$project=%{WORD:c8o.project} \| \$transaction=%{WORD:c8o.transaction} \| \$uid=%{WORD:c8o.uid} \| \$user=%{DATA:c8o.user} \| %{GREEDYDATA:c8o.message}",
          "!%{DATA:c8o.module}\| %{TIMESTAMP_ISO8601:c8o.logdate} \| %{DATA:c8o.loglevel} \| %{DATA:c8o.thread} \| \$clientip=%{IP:c8o.clientip} \| \$contextid=%{DATA:c8o.contextid} \| \$project=%{WORD:c8o.project} \| \$sequence=%{WORD:c8o.sequence} \| \$uid=%{WORD:c8o.uid} \| \$user=%{DATA:c8o.user} \| %{GREEDYDATA:c8o.message}",
          "!%{DATA:c8o.module}\| %{TIMESTAMP_ISO8601:c8o.logdate} \| %{DATA:c8o.loglevel} \| %{DATA:c8o.thread} \| \$clientip=%{IP:c8o.clientip} \| \$contextid=%{DATA:c8o.contextid} \| \$project=%{DATA:c8o.project} \| \$uid=%{DATA:c8o.uid} \| %{GREEDYDATA:c8o.message}",
          "!%{DATA:c8o.module}\| %{TIMESTAMP_ISO8601:c8o.logdate} \| %{DATA:c8o.loglevel} \| %{DATA:c8o.thread} \| %{GREEDYDATA:c8o.message}"
        ]}
    }

    date {
        match => ["c8o.logdate", "yyyy-MM-dd HH:mm:ss,SSS"]
    }

    geoip {
        source => "clientip"
    }
}

output {
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => "es01:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      pipeline => "%{[@metadata][pipeline]}" 
    }
  } else {
    elasticsearch {
      hosts => "es01:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  }
}