if "error" in [tags] {
elasticsearch {
codec => "json"
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
document_id => "%{requestID}"
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
index => "events-%{+YYYY.MM.DD}" # creates daily indexes