sa-charts/docker-swarm/log/logstash.conf

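# Parse application log lines shaped like
#   <ISO8601 timestamp> [service] [TID:tid] [thread] LEVEL class -text
# into structured fields, then promote the parsed timestamp to @timestamp and
# the trailing text to the event message.
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:oldtimestamp}\s+\[%{DATA:service}\]\s+\[TID:%{NOTSPACE:tid}\]\s+\[%{DATA:thread}\]\s+%{LOGLEVEL:loglevel}\s+%{NOTSPACE:class}\s+-%{GREEDYDATA:oldmessage}"}
  }

  # grok tags a line it cannot parse with "_grokparsefailure" (its default
  # failure tag) and sets none of the captures. Rewriting such an event would
  # overwrite "message" with the literal text "%{oldmessage}" and strip the
  # failure tag, so the original line would be lost with no trace.
  # Only events that parsed are rewritten.
  if "_grokparsefailure" not in [tags] {
    date {
      # If the logged timestamp carries no UTC offset, the date filter reads it
      # in the Logstash host's zone unless `timezone` is set.
      # NOTE(review): confirm the services and this host agree.
      match => ["oldtimestamp", "ISO8601"]
      target => "@timestamp"
    }
    mutate {
      replace => { "message" => "%{oldmessage}" }
      # Removing "tags" also discards a "_dateparsefailure" tag, so a bad
      # timestamp silently falls back to the ingest time.
      # NOTE(review): "log.flags" names a top-level field with a dot in its
      # name; a nested field is written [log][flags]. Confirm which is meant.
      remove_field => [ "oldmessage","oldtimestamp","agent","host","input","log.flags","log.flags.keyword","tags" ]
    }
  } else {
    # Unparsed line: drop the same shipper metadata as the success path, but
    # keep the raw "message" and the failure tag so it can be found and triaged.
    mutate {
      remove_field => [ "agent","host","input","log.flags","log.flags.keyword" ]
    }
  }
}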
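# Ship events to Elasticsearch: one index per service when the service name is
# known, a shared default index otherwise. ILM is disabled and documents are
# written with the "create" action in both branches.
# No TLS or credential settings appear in either elasticsearch block, so this
# presumably relies on the cluster being reachable only from a trusted network.
# NOTE(review): confirm.
output {
  # The index name interpolates [service], so that field is required here too.
  # With only [servicename] set, the reference would stay unresolved and the
  # event would target an index literally named "sslog-%{[service]}".
  # NOTE(review): this branch tests [servicename] but names the index from
  # [service]; confirm that [servicename] is set upstream, or that [service]
  # was the field intended in the condition.
  if [servicename] and [service] {
    elasticsearch {
      hosts => [ "prod-es-elasticsearch:9200" ]
      # [service] is taken from the log line itself, so whoever can write log
      # lines influences the index name. Elasticsearch rejects names with
      # uppercase or reserved characters, and arbitrary values can multiply
      # indices. Consider normalising or allow-listing the value upstream.
      index => "sslog-%{[service]}"
      action => "create"
      ilm_enabled => false
    }
  } else {
    elasticsearch {
      hosts => [ "prod-es-elasticsearch:9200" ]
      index => "sslog-default"
      action => "create"
      ilm_enabled => false
    }
  }
}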