colinsurprenant/apachelogs.conf

## apachelogs.conf
input {
  stdin { }
}

filter {
  grok {
    match => {
      "message" => '%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
    }
  }

  date {
    match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
    locale => en
  }

  geoip {
    source => "clientip"
  }

  useragent {
    source => "agent"
    target => "useragent"
  }
}

output {
  # stdout { codec => rubydebug }
  elasticsearch {
    protocol => "http"
    host => "localhost"
  }
}
	input {
	stdin { }
	}

	filter {
	grok {
	match => {
	"message" => '%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-\|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
	}
	}

	date {
	match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
	locale => en
	}

	geoip {
	source => "clientip"
	}

	useragent {
	source => "agent"
	target => "useragent"
	}
	}

	output {
	# stdout { codec => rubydebug }
	elasticsearch {
	protocol => "http"
	host => "localhost"
	}
	}