input { #beats { # port => '5044' #} file { path => '/path/to/log/production.log' codec => multiline { pattern => "-- : Started " negate => true what => 'previous' } } } filter { grok { patterns_dir => '../grok-patterns' match => { "message" => "%{RAILS4}" } } date { match => ['timestamp', 'yyyy-MM-dd HH:mm:ss Z'] remove_field => ['timestamp'] } geoip { source => 'clientip' #fields => ["city_name", "country_code2", "country_name", "latitude", "longitude", "region_name"] } } output { stdout { codec => rubydebug } elasticsearch { hosts => ['127.0.0.1:9200'] } }