input {
file {
   path => ["/etc/logstash/conf.d/logstash/apache/access_log"]
   start_position => "beginning"
   sincedb_path => "/dev/null"
 }
}
filter {
      grok {
         match => { "message" => ["%{COMBINEDAPACHELOG}"] }
        remove_field => "message"
      }
      mutate {
        add_field => { "read_timestamp" => "%{@timestamp}" }
      }
      date {
        match => [ "timestamp", "dd/MMM/YYYY:H:m:s Z" ]
        remove_field => "timestamp"
      }
     useragent {
       source => "agent"
       target => "agent"
     }
     geoip {
       source => "clientip"
       target => "geoip"
     }
}
output {
  elasticsearch {
            hosts => [ "localhost:9200"]
            index => "apache-logs"
        }
  stdout { codec => rubydebug }
}