input {
  file {
    path => "/home/ubuntu/datasets/apache/sample.log"
    sincedb_path => "/dev/null"
    start_position => "beginning"
  }
}

filter {
  grok {
    match => {
      "message" => "%{COMBINEDAPACHELOG}"
    }
  }
  mutate {
    convert => { "bytes" => "integer" }
  }
  date {
    match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
    locale => en
    remove_field => "timestamp"
  }
  geoip {
    source => "clientip"
  }
  useragent {
    source => "agent"
    target => "useragent"
  }
  ruby {
    init => "last = ::Time.parse('2014-09-25T04:00:00+00:00'); @shift = ::Time.now - last"
    code => "event.set('@timestamp', LogStash::Timestamp.new(event.get('@timestamp') + @shift))"
  }
  mutate {
    remove_field => [ "message", "@version", "path" ]
  }
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
  hosts => ['localhost:9200']
  }
}