input {
    http {
        port => 3000
    }
}
filter {
    grok {
        match => ["[data][log1]", "%{COMBINEDAPACHELOG}"]
        match => ["[data][log1]", "%{NUMBER} %{GREEDYDATA:[nested][field][data1]}"]
        match => {"[data][log2]" => "%{COMBINEDAPACHELOG}"}
        match => {"[data][log2]" => "%{NUMBER:num:int} %{GREEDYDATA:[nested][field][data2]}"}
        overwrite => ["[nested][field][data1]", "[nested][field][data2]"]
        break_on_match => false
    }
    date {
        match => ["[data][timestamp]", "yyyy-MM-dd"]
        target => "[data][@timestamp]"
    }
    kv {
        source => "[data][message]"
        target => "[data][test]"
    }
    mutate {
        add_field => { "[messages][message1]" => 3 "[messages][message2]" => 4.2 "[messages][message3]" => "test3" "[messages][message4]" => true }
        rename => { "[messages][messagea]" => "[newMessage]" "[messages][messageb]" => "[newMessage2]" }
        copy => { "[messages][messagec]" => "[messaged]" }
        remove_field => ["[messages][test]", "[test2]"]
        remove_field => ["[messages][test3]", "[test4]"]
        uppercase => ["[message][uppercaseField]"]
    }
}
output {
    elasticsearch {
        hosts => ["https://localhost:19000"]
        user => myuser
        password => mypassword
        index => "simple-pipeline"
    }
}