input { file { path => ["/etc/logstash/conf.d/logstash/mongodb/mongodb.log"] start_position => "beginning" sincedb_path => "/dev/null" } } filter { grok { match => { "message" => ["%{TIMESTAMP_ISO8601:timestamp}\s+%{NOTSPACE:severity}\s+%{NOTSPACE:component}\s+(?:\[%{DATA:context}\])?\s+%{GREEDYDATA:log_message}" ] } remove_field => "message" } mutate { add_field => { "read_timestamp" => "%{@timestamp}" } } } output { elasticsearch { hosts => [ "localhost:9200"] index => "mongo-logs-01" } stdout { codec => rubydebug } }