input {
file {
   path => ["/etc/logstash/conf.d/logstash/aws_alb/alb_logs.log"]
   start_position => "beginning"
   sincedb_path => "/dev/null"
 }
}
filter {
      grok {
        match => { "message" => ["%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client}:%{NUMBER:client_port} (?:%{IP:backend_ip}:%{NUMBER:backend_port}|-) %{NUMBER:request_processing_time} %{NUMBER:backend_processing_time} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} %{QUOTEDSTRING:request} %{QUOTEDSTRING:user_agent} %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} %{QUOTEDSTRING:trace_id}"] }
        remove_field => "message"
      }
}
output {
#if "_grokparsefailure" in [tags] {
stdout { codec => rubydebug }
#}
elasticsearch {
            hosts => [ "localhost:9200"]
            index => "aws-alb-logs"
        }
}