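# Logstash pipeline: receive syslog on 514/tcp and 514/udp, parse the
# Forum Systems Sentry audit line with grok, and ship every event to
# Elasticsearch (plus a rubydebug copy on stdout).
#
# Two field names inside the grok pattern contained stray spaces
# ("transact ionID" and "NUMBER: startTime"); grok rejects such names when
# the pipeline compiles, so they are written as `transactionID` and
# `startTime` here. The capture layout is otherwise unchanged.
input {
  # 514 is a privileged port on Unix: the Logstash process must run as root
  # or carry CAP_NET_BIND_SERVICE for these listeners to bind. No `host`
  # is given, so both inputs bind to all interfaces (plugin default
  # 0.0.0.0) and accept syslog from any source that can reach the box.
  tcp {
    port => 514
    type => syslog
  }
  udp {
    port => 514
    type => syslog
  }
}

filter {
  # Everything after the PRI is remote, sender-controlled text. The pattern
  # is unanchored and ends in %{DATA}/%{GREEDYDATA}, so a line that almost
  # matches can backtrack heavily; the grok filter's per-event timeout
  # (timeout_millis, default 30000) is what bounds that cost. Events that
  # do not match keep the raw `message`, get the default `_grokparsefailure`
  # tag, and still flow to both outputs.
  #
  # NOTE(review): the MCOLLECTIVEAUDIT / JAVACLASS / ISO8601_TIMEZONE run
  # standing in for the syslog timestamp+host looks unusual; confirm it
  # against a sample Sentry line before relying on clientIP/serviceURL
  # being populated.
  grok {
    match => {
      "message" => "%{SYSLOG5424PRI}1 %{MCOLLECTIVEAUDIT}%{JAVACLASS}%{ISO8601_TIMEZONE} %{IP} ForumSystemsSentry - 08409 %{SYSLOG5424SD} %{WORD:logID} %{WORD:transactionID} %{NUMBER}%{DATA}%{IP:clientIP} %{WORD:httpMethod} %{URIPATH:serviceURL} HTTP/1.1 %{NUMBER:statusCode} %{NUMBER:length} %{IP:listenerIP}:%{NUMBER:listenerPort} %{NUMBER:startTime} %{NUMBER:endTime} %{NUMBER:totalTimeMS}%{GREEDYDATA:custom}"
    }
  }
}

output {
  # Plain HTTP to a local Elasticsearch with no credentials and no TLS;
  # this is only acceptable while 9200 is unreachable from anything but
  # this host.
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  # rubydebug dumps every field of every event (including the raw
  # `message`, client IPs and request URLs) to the process's stdout, so
  # whatever captures that stream receives a full copy of the audit data.
  # Intended for debugging; drop it outside development.
  stdout {
    codec => rubydebug
  }
}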