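# Logstash pipeline: receive SwitchGear log lines from Beats on 5044, parse the
# bracketed header fields out of [message], set @timestamp from the embedded
# ISO-8601 date, and index events tagged "SwitchGearLogs" into a daily index.
input {
  beats {
    # NOTE(review): as written this listener is plaintext and unauthenticated,
    # so anything that can reach port 5044 can submit events into the index.
    # The beats input supports TLS (ssl, ssl_certificate, ssl_key,
    # ssl_certificate_authorities) if the shippers can be issued certificates.
    port => 5044
  }
}

filter {
  grok {
    # Expected line shape (nine bracketed fields, then " - " and free text):
    #   [LogLevel] [ISO-8601 date] [EventCategory] [InitiatedBy] [SgId] [CbSerial]
    #   [OcSerial] [IpAddress] [State] - Description
    # LogLevel uses DATA (non-greedy) rather than GREEDYDATA: it is bounded by
    # "[" and "] [<ISO date>]", so it captures the same text without consuming
    # the whole line and backtracking on every event. The "]" after it was left
    # unescaped originally; it is escaped here like the other brackets, and the
    # escaped space ("\ ") is written as a plain space - both are equivalent.
    # IpAddress stays DATA on purpose so a non-IP value does not fail the match.
    # On mismatch grok tags the event _grokparsefailure and leaves [message] as is.
    match => { "message" => "\[%{DATA:LogLevel}\] \[%{TIMESTAMP_ISO8601:logdate}\] \[%{DATA:EventCategory}\] \[%{DATA:InitiatedBy}\] \[%{DATA:SgId}\] \[%{DATA:CbSerial}\] \[%{DATA:OcSerial}\] \[%{DATA:IpAddress}\] \[%{DATA:State}\] - %{GREEDYDATA:Description}" }
  }

  # Discard host auth.log and syslog events that arrive on the same listener.
  # NOTE(review): dropping auth.log means login/sudo activity from these hosts
  # is not retained anywhere by this pipeline; if that is not the intent, route
  # it to its own index instead of drop {}. "=~" takes a regex, so the "." in
  # the path matches any character - harmless here, but it is a substring test,
  # not an exact path comparison.
  if [log][file][path] =~ "/var/log/auth.log" {
    drop { }
  }
  if [fileset][name] =~ "syslog" {
    drop { }
  }

  # [logdate] is captured by TIMESTAMP_ISO8601 above, so "ISO8601" is the
  # format that applies. The explicit fallback is kept but corrected: in the
  # Joda patterns the date filter uses, "D" is day-of-year and "YYYY" is
  # week-year, so the original "MMM D, YYYY" would read "Mar 5, 2024" as the
  # 5th day of the year rather than March 5th. "d"/"yyyy" are day-of-month and
  # calendar year. When [logdate] is absent (grok failed) the filter is a no-op
  # and @timestamp stays at ingest time.
  date {
    match => [ "logdate", "MMM d, yyyy @ HH:mm:ss.SSS", "ISO8601" ]
    target => "@timestamp"
  }
}

output {
  # Only events carrying the "SwitchGearLogs" tag (set upstream by the shipper)
  # are indexed. Everything else - including _grokparsefailure events without
  # that tag - is silently discarded, since no other output is configured.
  if "SwitchGearLogs" in [tags] {
    elasticsearch {
      # NOTE(review): no user/password or ssl settings, so this assumes an
      # Elasticsearch reachable in the clear with security disabled - confirm.
      # "%{+YYYY.MM.dd}" uses Joda week-year, so the last days of December can
      # land in the next year's index; left unchanged because existing index
      # patterns depend on the current naming, but "yyyy" avoids that.
      hosts => ["elasticsearch:9200"]
      index => "switchgearlogs-%{+YYYY.MM.dd}"
    }
  }
  # elasticsearch{
  # hosts => ["elasticsearch:9200"]
  # index => "lecologs-%{+YYYY.MM.dd}"
  # }
}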