input { stdin {} } filter { grok { match => { "message" => "%{IP:clientip}\ \[%{HTTPDATE:timestamp}\]\ %{QS:referrer}\ %{NUMBER:response}\ %{NUMBER:bytes}" } remove_field => [ "message" ] } date { match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] } mutate { rename => { "response" => "response_new" } convert => [ "response","float" ] gsub => ["referrer","\"",""] remove_field => ["timestamp"] split => ["clientip", "."] } } output { stdout { codec => "rubydebug" } }
