input {
file {
   path => ["/etc/logstash/conf.d/logstash/mysql_slowlogs/mysql-slow.log"]
   start_position => "beginning"
   sincedb_path => "/dev/null"
   codec => multiline {
          pattern => "^# Time: %{TIMESTAMP_ISO8601}"
          negate => true
          what => "previous"
        }
 }
}
filter {
      mutate {
        gsub => [
          "message", "#", "",
          "message", "\n", " "
        ]
        remove_field => "host"
      }
      grok {
        match => { "message" => [
              "Time\:%{SPACE}%{TIMESTAMP_ISO8601:timestamp}%{SPACE}User\@Host\:%{SPACE}%{WORD:user}\[%{NOTSPACE}\] \@ %{NOTSPACE:host} \[\]%{SPACE}Id\:%{SPACE}%{NUMBER:sql_id}%{SPACE}Query_time\:%{SPACE}%{NUMBER:query_time}%{SPACE}Lock_time\:%{SPACE}%{NUMBER:lock_time}%{SPACE}Rows_sent\:%{SPACE}%{NUMBER:rows_sent}%{SPACE}Rows_examined\:%{SPACE}%{NUMBER:rows_examined}%{SPACE}%{GREEDYDATA}; %{GREEDYDATA:command}\;%{GREEDYDATA}" 
       ] }
      }
      
      mutate {
        add_field => { "read_timestamp" => "%{@timestamp}" }
        #remove_field => "message"
      }
}
output {
  elasticsearch {
            hosts => [ "localhost:9200"]
            index => "mysql-slowlogs-01"
        }
  stdout { codec => rubydebug }
}