input {
file {
   path => ["/etc/logstash/conf.d/logstash/nginx/access.log"]
   start_position => "beginning"
   sincedb_path => "/dev/null"
 }
}
filter {
      grok {
        match => { "message" => ["%{IPORHOST:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:access_time}\] \"%{WORD:http_method} %{DATA:url} HTTP/%{NUMBER:http_version}\" %{NUMBER:response_code} %{NUMBER:body_sent_bytes} \"%{DATA:referrer}\" \"%{DATA:agent}\""] }
        remove_field => "message"
      }
      mutate {
        add_field => { "read_timestamp" => "%{@timestamp}" }
      }
      date {
        match => [ "timestamp", "dd/MMM/YYYY:H:m:s Z" ]
        remove_field => "timestamp"
      }
}
output{
  elasticsearch{
    hosts => ["localhost:9200"] 
    index => "nginx-access-logs-02" 
  }
  stdout { 
    codec => "rubydebug"
   }
}