lock Private

filter {
    grok {
        match => [
                "message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): (?<category>[a-zA-Z\.\/\{\}]+) execution time: (?<execution_time>[0-9]+)",
                "message", "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): %{GREEDYDATA:message}"
                ]
        overwrite => [ "message"]
    }
    json {
        source => "message"
        target => "data"