griggheo/20-app.conf

## 20-app.conf
filter {
    grok {
      add_tag => [ "valid" ]
      match => { "message" => "%{APPLOGLINE}" }
    }
    json {
      source => "payload"
    }
    if "valid" not in [tags] {
      drop { }
    }
}
	filter {
	grok {
	add_tag => [ "valid" ]
	match => { "message" => "%{APPLOGLINE}" }
	}
	json {
	source => "payload"
	}
	if "valid" not in [tags] {
	drop { }
	}
	}