andrewvc/gist:b25097d19aa50df8e05f

## gistfile1.txt
input {
  generator {
    lines => ["foo", "bar", "baz", "something bad"]
    count => 1000000
  }
}

filter {
  if [message] == "foo" {
    mutate { add_field => { "is_foo" => true }}
  } else if [message] =~ /^b/ {
    mutate { add_field => { "starts_with_b" => true} }

    if [message] == "bar" {
      mutate { add_field => {"is_bar" => true} }
    } else {
      mutate { add_field => {"is_bar" => false} }
    }
  }
}

output {
 file { path => "/tmp/somefile" codec => "json_lines" }
}
	input {
	generator {
	lines => ["foo", "bar", "baz", "something bad"]
	count => 1000000
	}
	}

	filter {
	if [message] == "foo" {
	mutate { add_field => { "is_foo" => true }}
	} else if [message] =~ /^b/ {
	mutate { add_field => { "starts_with_b" => true} }

	if [message] == "bar" {
	mutate { add_field => {"is_bar" => true} }
	} else {
	mutate { add_field => {"is_bar" => false} }
	}
	}
	}

	output {
	file { path => "/tmp/somefile" codec => "json_lines" }
	}