Пост #127449

input {
  beats {
    type => "postfix"
    port => 5044
  }
}

filter {
 if [type] == "postfix" {
    grok {
        match => { "message" => "%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
    }
       }
}
output {
        elasticsearch {
            type     => "postfix"
            hosts    => "localhost:9200"
            index    => "postfix-%{+YYYY.MM.dd}"
        }

}