filter {
grok {
match => [
"message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): (?<category>[a-zA-Z\.\/\{\}]+) execution time: (?<execution_time>[0-9]+)",
"message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): %{GREEDYDATA:message}"
]
overwrite => [ "message"]
}
json {
source => "message"
target => "data"