[syslog]
type="LogstreamerInput"
log_directory="/var/log/syslog/systems/web"
file_match='(?P<Year>\d+)-(?P<Month>\d+)-(?P<Day>\d+).log'
priority = ["Year", "Month", "Day"]
oldest_duration="2h"

[apache_transform_decoder]
type = "SandboxDecoder"
script_type = "lua"
filename = "lua_decoders/apache_access.lua"

[apache_transform_decoder.config]
log_format = '%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"'
# type = "ApacheLogfile" # this should be something more specific incase multiple services are being aggregated upstream
user_agent_transform = true

# Start commenting here if you don't want any stdout
[stdout]
type = "LogOutput"
message_matcher = "TRUE"
payload_only = true
# Finish commenting here

[ElasticSearchOutput]
message_matcher = 'Type !~ /^heka\./'
cluster = "mozdefqa"
index = "events"
type_name = "event"
server = "http://mozdef.example.com:8080"
format = "clean"
flush_interval = 1000
flush_count = 10