# Sample configuration file
#
# Author: Thomas Neuburger t.neuburger@telekom.de
#
# Active config files have to be in /etc/logstash/conf.d/
#
# For testing configuration syntax run:
# /opt/logstash/bin/logstash agent -f /etc/logstash/conf.d/ --configtest
#
# For reference on plugins look at:
# https://www.elastic.co/guide/en/logstash/current
#


input {

  # Sample for local file input. File must be readable for logstash user!
  #file {
  #  type => "syslog"
  #  path => [ "/var/log/messages" ]
  #}

  # Read network input over beats protocol (used by filebeat, packetbeat, topbeat..)
  # ...Filebeat is the successor of logstash-forwarder, so most people need this
  beats {
    port => 5044
  }

}

filter {
  # Sample filtering for log input from filebeat ("type" and "source" are set by filebeat).
  if [type] == "log" {
    if [source] == "/var/log/messages" {

      grok {
        # For reference on shipped grok patterns have a look at:
        #   https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns
        # For testing grok patterns have a look at: http://grokdebug.herokuapp.com/
        match => [ "message", "%{SYSLOGBASE}" ]
      }

    }
  }

}

output {
  # Output to elasticsearch on localhost.
  # If given an array it will load balance requests across the hosts
  elasticsearch {
    hosts => "127.0.0.1"
  }
}