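# Logstash pipeline for Bro JSON logs (conn, dns, http, ssl, x509).
# Reads the five log files from local disk, sets @timestamp from the Bro `ts`
# field, stamps every event with the sensor name, GeoIP-enriches the responder
# address and writes each log type to its own Elasticsearch index.

input {
  # One file input per Bro log; `type` is the routing key used in the output
  # section. start_position => "beginning" only applies to files Logstash has
  # not seen before; afterwards the recorded sincedb offset is used.
  file {
    path           => "/home/nahum/conn.log"
    type           => "bro_conn_logs"
    codec          => "json"
    start_position => "beginning"
  }
  file {
    path           => "/home/nahum/dns.log"
    type           => "bro_dns_logs"
    codec          => "json"
    start_position => "beginning"
  }
  file {
    path           => "/home/nahum/http.log"
    type           => "bro_http_logs"
    codec          => "json"
    start_position => "beginning"
  }
  file {
    path           => "/home/nahum/ssl.log"
    type           => "bro_ssl_logs"
    codec          => "json"
    start_position => "beginning"
  }
  file {
    path           => "/home/nahum/x509.log"
    type           => "bro_x509_logs"
    codec          => "json"
    start_position => "beginning"
  }
}

filter {
  # Use the Bro `ts` field as the event @timestamp.
  # NOTE(review): only ISO8601 is accepted here. If the sensor writes `ts` as
  # epoch seconds instead, the match fails and events keep their ingest time.
  # Confirm the sensor's JSON timestamp format.
  date {
    match => [ "ts", "ISO8601" ]
  }

  # Sensor provenance. This used to be an add_field on the date filter, which
  # is applied only when the date parse succeeds, so events with an unparsable
  # `ts` lost their observer-id. A separate mutate stamps every event.
  mutate {
    add_field => { "observer-id" => "kaliya.watson.ibm.com" }
  }

  # GeoIP lookup on the responder address only; the originator (id.orig_h) is
  # not enriched.
  geoip {
    source => "id.resp_h"
    target => "geoip"
  }
}

output {
  # Route by `type` to one index per Bro log. There is no fallback branch: an
  # event whose type matches none of these is not indexed anywhere.
  # No hosts, credentials or TLS options are set, so the elasticsearch plugin
  # defaults apply. Confirm the cluster is local, or add those settings.
  # Index names carry no date suffix, so retention must be handled elsewhere.
  if [type] == "bro_conn_logs" {
    elasticsearch { index => "bro-conn" }
  }
  if [type] == "bro_dns_logs" {
    elasticsearch { index => "bro-dns" }
  }
  if [type] == "bro_http_logs" {
    elasticsearch { index => "bro-http" }
  }
  if [type] == "bro_ssl_logs" {
    elasticsearch { index => "bro-ssl" }
  }
  if [type] == "bro_x509_logs" {
    elasticsearch { index => "bro-x509" }
  }
}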