input {
    # 来源beats
    beats {
        # 端口
        port => "5044"
    }
}

#input {
  # 来源文件
#  file {
#    path => ["/var/log/logstash/nginx.log"]
#    start_position => "beginning"
#    sincedb_path => "nul"
#    type => "nginx"
#    codec => "json"
#  } 
#}

# 分析、过滤插件，可以多个
filter {
    if[fields][log_source] == "nginx" {
      #grok{
        #match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\]\"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}"}
      #}
      json {
        source => "message"
        remove_field => "message"
      }
    }
    if[fields][log_source] == "laravel" {
      grok {
        match => [ "message","\[%{TIMESTAMP_ISO8601:logtime}\] %{WORD:env}\.%{LOGLEVEL:level}\: %{GREEDYDATA:msg}" ]
      }
    }
    geoip {
        source => "clientip"
    }
}

output {
    if[fields][log_source] == "nginx" {
      # 输出选择elasticsearch
      elasticsearch {
        hosts => ["http://es-master:9200"]
        index => "nginx-%{+YYYY.MM.dd}"
        user => "elastic"
        password => "123456"
      }
    }
    if[fields][log_source] == "laravel" {
      #if [level] == "ERROR" {
        elasticsearch {
          hosts => ["http://es-master:9200"]
          index => "laravel-%{+YYYY.MM.dd}"
          user => "elastic"
          password => "123456"
        }
      #}
    }
}