input {

	file {
		type => "syslog"
		# path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ]
		path => "/var/log/messages"
		start_position => "beginning"
	}
}

filter {
# An filter may change the regular expression used to match a record or a field,
# alter the value of parsed fields, add or remove fields, etc.
#
#	if [type] == "syslog" {
#		grok {
#			match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} (%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}|%{GREEDYDATA:syslog_message})" }
#			add_field => [ "received_at", "%{@timestamp}" ]
#			add_field => [ "received_from", "%{@source_host}" ]
#		}
#    
#		if !("_grokparsefailure" in [tags]) {
#			mutate {
#				replace => [ "@source_host", "%{syslog_hostname}" ]
#				replace => [ "@message", "%{syslog_message}" ]
#			}
#		}
#		mutate {
#			remove_field => [ "syslog_hostname", "syslog_message" ]
#		}
#		date {
#			match => [ "syslog_timestamp","MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ] 
#		}
#		syslog_pri { }
#	}
}

output {
	# Emit events to stdout for easy debugging of what is going through
	# logstash.
	# stdout { codec => rubydebug }

	# This will use elasticsearch to store your logs.
	# elasticsearch { hosts => [ "localhost:9200" ] }
}