input {
  beats {
    host => "127.0.0.1"
    port => 5044
  }
}

filter {
  if [message] =~ /(last message repeated.*)|(logfile turned over)/ {
    drop {}
  }

  mutate {
    remove_field => [ "[beat][name]", "[prospector][type]", "offset", "source" ]
    remove_tag => "beats_input_codec_plain_applied"
  }

  if [message] {
    grok {
      match => [ "message", "%{SYSLOGTIMESTAMP:[@metadata][timestamp]} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}: %{GREEDYDATA:message}" ]
      overwrite => [ "message" ]
    }
  }

  date {
    match => [ "[@metadata][timestamp]", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
    template => "/etc/logstash/conf.d/templates/ecs-disabled/elasticsearch-7x.json"
    template_name => "logstash"
    template_overwrite => "true"
  }
}