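# Logstash pipeline: accept events from Beats shippers, parse nginx access-log
# lines, enrich them with GeoIP data and index them into a local Elasticsearch.

input {
  # Beats listener on TCP 5044. No TLS or client-certificate options are set,
  # and the plugin binds to 0.0.0.0 by default, so any host that can reach the
  # port can submit events in clear text. Firewall the port to known shippers
  # or enable the plugin's TLS settings.
  beats {
    port => 5044
  }
}

filter {
  # Only events whose custom_services field equals "nginxlog" are parsed.
  # NOTE(review): presumably the shipper sets this field; confirm its config.
  if [custom_services] == "nginxlog" {
    # NGINXACCESS must be defined in the pattern set grok loads; it is not
    # defined in this file. Events that do not match are tagged by grok and
    # pass through the remaining filters with nothing to rename.
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }

    # Give the parsed fields nginx_-prefixed names. The request path and user
    # agent are client-supplied, so treat them as untrusted wherever they are
    # displayed or queried.
    mutate {
      rename => {
        "clientip" => "nginx_remote_ip"
        "verb"     => "nginx_method"
        "request"  => "nginx_request_path"
        # "staus" is a misspelling of "status". It is kept because the index
        # template and any saved searches may already use this field name.
        "response" => "nginx_response_staus"
        "bytes"    => "nginx_body_sent"
        "agent"    => "nginx_user_agent"
      }
    }

    # Look up location data for the client address.
    geoip {
      source => "nginx_remote_ip"
    }

    # Drop shipper metadata. Nested fields are referenced as [outer][inner].
    # These were previously written with a leading "%" ("%[beat][hostname]"),
    # which is neither a field reference nor a %{...} sprintf expression, so
    # the fields were not removed.
    mutate {
      remove_field => [ "[beat][hostname]", "[beat][version]", "[beat][name]" ]
    }
  }
}

output {
  elasticsearch {
    # Plain HTTP: credentials cross the connection unencrypted. This is limited
    # to loopback while Elasticsearch stays on localhost; use https if it moves.
    hosts => ["http://localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"

    # "elastic" is the built-in superuser. A dedicated account whose role only
    # allows writing to logstash-* and managing this template limits the damage
    # if the credential leaks.
    user => "elastic"

    # The password is resolved at startup from the Logstash keystore or the
    # environment instead of being stored in this file. ES_PWD is a name chosen
    # here; define it with `bin/logstash-keystore add ES_PWD` before starting
    # the pipeline. The literal password that used to be on this line should be
    # rotated, since it was stored in plain text.
    password => "${ES_PWD}"

    # NOTE(review): rubydebug is normally used with the stdout output; it is
    # unlikely to affect what this output sends. Kept as in the original.
    codec => rubydebug

    # Install the custom index template from disk, replacing any existing
    # template of the same name on every start.
    template => "/etc/logstash/elastic_logstash_default.json"
    template_overwrite => true
    template_name => "elastic_logstash_default"
  }
}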