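# Syslog ingest pipeline: receives RFC3164-style lines on port 6005, parses the
# header fields, and indexes the result into Elasticsearch under an ILM-managed
# rollover alias.
input {
  syslog {
    port => 6005
    # Custom grok pattern: leading <PRI>, then the classic RFC3164 header
    # (timestamp, host, program[pid]: message).
    grok_pattern => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
    id => "syslog"
  }
}

filter {
  # Decode the numeric <PRI> value into facility/severity fields.
  syslog_pri { }

  # RFC3164 pads single-digit days with a space ("Oct  5 ..."), so both the
  # single- and double-digit day forms must be matched. The previous revision
  # listed "MMM dd HH:mm:ss" twice and never matched the "MMM  d" form, which
  # would have left those events with a _dateparsefailure tag.
  date {
    match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    target => "syslog_timestamp"
  }

  # Drop the fields derived by syslog_pri and the raw line once it is parsed.
  # NOTE: "@timestamp" is removed as well (unchanged from the original), so the
  # indexed documents carry only syslog_timestamp as their time field.
  mutate {
    remove_field => [ "severity", "severity_label", "priority", "facility", "message", "@timestamp" ]
  }
}

output {
  elasticsearch {
    hosts => ["http://es01:9200","http://es02:9200","http://es03:9200"]
    user => "elastic"
    # The credential is resolved from the Logstash keystore or the environment
    # at startup (`ES_PASSWORD` is a placeholder name; set it to whatever your
    # deployment uses) instead of being stored in this file in clear text, as
    # the previous revision did.
    password => "${ES_PASSWORD}"
    # The hosts above use plain http://, so the basic-auth credential crosses
    # the network unencrypted; enable TLS on this output once the cluster
    # presents a certificate.
    ilm_enabled => true
    ilm_rollover_alias => "simfony-syslog"
    ilm_policy => "simfony-syslog"
    ilm_pattern => "000001"
  }
}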