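# Logstash pipeline: read AWS ELB access logs from a local file, parse each
# line into named fields, and index the events into Elasticsearch.

input {
  file {
    path => ["/etc/logstash/conf.d/logstash/aws_elb/elb_logs.log"]
    # Replay mode: with sincedb_path set to /dev/null no read position is
    # persisted, so the file is read from the beginning on every restart.
    # Each restart re-indexes every line and duplicates documents in the
    # index, which inflates counts during an investigation.
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  grok {
    # One pattern for the ELB access-log line. The backend address, both
    # status codes, the request line and the trailing TLS cipher/protocol
    # pair are optional ("-" or absent), so HTTP and TCP listener entries
    # both match.
    match => { "message" => ["%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:loadbalancer} %{IP:client_ip}:%{NUMBER:client_port} (?:%{IP:backend_ip}:%{NUMBER:backend_port}|-) %{NUMBER:request_processing_time} %{NUMBER:backend_processing_time} %{NUMBER:response_processing_time} (?:%{NUMBER:elb_status_code}|-) (?:%{NUMBER:backend_status_code}|-) %{NUMBER:received_bytes} %{NUMBER:sent_bytes} \"(?:%{WORD:verb}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:httpversion}|-( )?)\" \"%{DATA:userAgent}\"( %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol})?"] }
    # remove_field is applied only when the match succeeds. Lines that fail
    # to parse keep the raw "message" and are tagged _grokparsefailure, so
    # malformed entries stay available for review.
    remove_field => "message"
  }

  # Use the time the load balancer recorded as @timestamp. Without this,
  # @timestamp is the time Logstash read the line, which puts replayed or
  # delayed logs at the wrong point in a timeline. The parsed "timestamp"
  # field is kept as-is.
  if "_grokparsefailure" not in [tags] {
    date {
      match => ["timestamp", "ISO8601"]
    }
  }
}

output {
  # Debug output. The conditional is commented out, so every event is
  # printed, not only parse failures. "request" and "userAgent" are
  # client-supplied strings and are written to stdout verbatim.
  # The two "#" lines must stay on lines of their own: a "#" comments out
  # the rest of its line.
  #if "_grokparsefailure" in [tags] {
  stdout { codec => rubydebug }
  #}

  # No credentials or TLS settings are configured for this output.
  # NOTE(review): acceptable only while Elasticsearch listens on loopback;
  # confirm that, and add authentication and TLS before pointing this at a
  # remote host. The index holds client IPs and full request URLs, so read
  # access to it should be restricted.
  elasticsearch {
    hosts => [ "localhost:9200"]
    index => "aws-elb-logs"
  }
}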