ft_transcendence/logstash.conf
Adrien Audebert b3b2bdf18c update
2024-08-05 13:49:25 +02:00


input {
  # Receive events from Beats shippers (e.g. Filebeat) on TCP 5044; per the
  # original note these carry the Docker containers' stdout.
  # NOTE(review): no host or ssl options are set, so the listener runs with the
  # plugin defaults (all interfaces, no TLS or client authentication). Confirm
  # the port is reachable only from the trusted container network, because
  # anything that can connect can inject log events.
  beats {
    port => 5044
  }
}
filter {
  # Parse access-log lines that carry a "<container> | " prefix:
  #   <container> | <ip>:<port> - - [<date>] "<METHOD> <uri> HTTP/<ver>" <status> <bytes>
  # Every capture is stored as a string (no :int / :float suffix is used).
  # Lines that do not match are not dropped: they continue to the outputs
  # carrying the default _grokparsefailure tag.
  # URIPATHPARAM keeps the query string, so any token or identifier passed in
  # URL parameters is stored verbatim in the "request" field.
  grok {
    match => {
      "message" => [
        "%{DATA:container_name}\s*\|\s*%{IP:client_ip}:%{NUMBER:client_port} - - \[%{HTTPDATE:timestamp}\] \"%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}\" %{NUMBER:status} %{NUMBER:bytes}"
      ]
    }
  }

  # Use the request time from the log line as the event's @timestamp.
  # The temporary "timestamp" field is removed only when parsing succeeds.
  date {
    match        => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    target       => "@timestamp"
    remove_field => ["timestamp"]
  }
}
output {
  # Debug output: pretty-prints every complete event to Logstash's own stdout.
  # Intended for testing; while enabled, client IPs and full request URIs are
  # also written to the Logstash container log.
  stdout {
    codec => rubydebug
  }

  # Index events into Elasticsearch, one index per day.
  # This block is always active as written, despite the original "optionally".
  # Credentials are resolved from the environment (or the Logstash keystore)
  # when the config is loaded, so they are not hard-coded here.
  # NOTE(review): hosts has no https:// scheme and no ssl options are set, so
  # the user/password presumably travel over plain HTTP. Confirm, and enable
  # TLS if Elasticsearch is not strictly local to this process.
  elasticsearch {
    hosts    => ["localhost:9200"]
    index    => "docker-logs-%{+YYYY.MM.dd}"
    user     => "${ELASTIC_USER}"
    password => "${ELASTIC_PASSWORD}"
  }
}