logstash/etc/agent.conf.example

input {
  file {
    path => [ "/var/log/messages", "/var/log/*.log" ]
    type => "linux-syslog"
  }
}

filter {
  grok {
    type => "linux-syslog"
    pattern => "%{SYSLOGLINE}"
  }

  date {
    type => "linux-syslog"
    timestamp => "MMM dd HH:mm:ss"
    timestamp8601 => ISO8601
  }
}

output {
  stdout {
  }

  elasticsearch { 
    index => "logstash"
    type => "%{@type}"
  }
}