input {
  # tcp {
  #   port => 5000
  #   type => syslog
  # }
  # udp {
  #   port => 5000
  #   type => syslog
  # }
    file{
        type => as_csv
        path => "/tmp/logfile"
        # path => "/data/*"
        start_position => "beginning"
    }
}
filter {
    csv{
        columns => ["endTime","Name","requestUrl","sourceAddress","destinationAddress","priority","Device Vendor","Device Product","Non-CEF Raw Message"]
    }
    grok { match => { "message" => ["%{DATESTAMP:datum}"] } }
    date { match => [ "datum","yy/MM/dd HH:mm:ss" ] timezone => "CET" } 

}
output {
  elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "arcsight"
      # index => "arcsight-%{+YYYY.MM.dd}"
  }
  # stdout { codec => rubydebug }
}