# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
  }
}

filter {
  grok {
    #"%d{ISO8601} %-1X{threadid} ${project.name} %-1X{appversion} ibps.bpmn %-1X{operation} %-1X{traceid} %-1X{serverip} %-1X{serverport} %-1X{clientip} %-1X{url} %-1X{method} %-1X{headers} %-1X{paramters} %-1X{uid} %level %l : %m%n"
    match => { "message" => "%{TIMESTAMP_ISO8601:datetime} %{NUMBER:thread_id} %{GREEDYDATA:project_name} %{GREEDYDATA:project_version} %{GREEDYDATA:module} %{GREEDYDATA:operation} %{NUMBER:trace_id} %{NUMBER:span_id} %{IP:server_ip} %{NUMBER:server_port} %{IP:client_ip} %{URIPATH:url} %{WORD:method} %{GREEDYDATA:headers} %{GREEDYDATA:paramters} %{GREEDYDATA:uid} %{LOGLEVEL:level} %{GREEDYDATA:logger} : %{GREEDYDATA:detail}" }
  }
}

output {
  elasticsearch {
    hosts => ["http://192.168.3.230:39200"]
    index => "logstash-%{[beat][name]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
  stdout {
    codec => json_lines
  }
}