input {
  file {
    path => "/mnt/fileshare/logs/iis-server.log"    ## sample csv file
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}


filter {
     grok {
      match => {
       "message" => ["%{TIMESTAMP_ISO8601:time} %{WORD:method} %{URIPATH:uri_requested} %{NOTSPACE:query} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:client_ip} %{NOTSPACE:http_version} %{NOTSPACE:user_agent} %{NOTSPACE:cookie} %{URI:referrer_url} %{IPORHOST:host} %{NUMBER:http_status_code} %{NUMBER:protocol_substatus_code} %{NUMBER:win32_status} %{NUMBER:bytes_sent} %{NUMBER:bytes_received} %{NUMBER:time_taken}"
       ]
     }
   }

     mutate {
      rename => {
       "@timestamp" => "read_timestamp"
      }
     }
     date {
      match => [
       "time",
       "yyyy-MM-dd HH:mm:ss"
      ]
      target => "@timestamp"
     }

    mutate {
    remove_field => ["message", "host", "@version", "path"]
    }

   #if "_grokparsefailure" in [tags] { drop{} }
  
}

output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => ["https://192.168.56.101:9200"]                  ## address of elasticsearch node
        index => "iis-server-log"
        user => "elastic"
        password => "enter-password-here"
        ssl => true
        cacert => "/usr/share/ca-certificates/elastic-ca.crt"   ## Shared Elasticsearch CA certificate path
    }
}