ft_transcendence/config/logstash.conf

input {
	file {
		path => "/var/lib/docker/containers/*/*.log"
		start_position => "beginning"
		sincedb_path => "/dev/null"
		type => "docker"
		codec => "json"
	}
}

filter {
	if [log_message] =~ /GET/ {
		grok {
			match => { "log_message" => "%{IP:client_ip} - - \[%{HTTPDATE:timestamp}\] \"%{WORD:method} %{URIPATH:request_path} HTTP/%{NUMBER:http_version}\" %{NUMBER:response_code} %{NUMBER:response_size}" }
		}
		date {
			match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
				target => "@timestamp"
		}
	}
}

output {
	elasticsearch {
		hosts => ["http://es01:9200"]
		index => "docker-logs-%{+YYYY.MM.dd}"
		user=> "${ELASTIC_USER}"
		password=> "${ELASTIC_PASSWORD}"
	}
}