Written by Anonymous
# Receive events from Beats shippers (Filebeat, Winlogbeat, ...) on TCP 5044.
#
# NOTE(review): no TLS options are set on this input, so shippers are not
# authenticated and events cross the network unencrypted. Unless a host
# firewall restricts the port, any machine that can reach 5044 can feed
# events into the pipeline. Enable the plugin's SSL settings with client
# certificate verification, or bind/filter the listener to trusted senders.
input {
  beats {
    port => 5044
  }
}
# Filter stage: split off the log level, parse the rest as JSON, then tag the
# event as either "spam_log" or "analyze" and normalise a few fields.
filter {
  # Peel the leading log level off the line; what follows replaces "message".
  # Lines that do not match keep their original message and are tagged
  # _grokparsefailure by the plugin.
  grok {
    match => { "message" => "%{LOGLEVEL:loglevel} %{GREEDYDATA:message}" }
    overwrite => [ "message" ]
  }

  # Expand the remaining text as JSON into top-level event fields.
  # NOTE(review): with no "target", keys in the log line land at the event
  # root and can overwrite existing fields (e.g. "tags", "Process",
  # "message"). Log content is attacker-influenced; consider a dedicated
  # target and copying out only the fields that are needed.
  json {
    source => "message"
  }

  if [message] != "" {
    # Non-empty message after parsing: treated as noise unless it is the
    # "execution ended" summary handled further down.
    mutate {
      add_tag => [ "spam_log" ]
    }
  } else {
    # add_field runs in its own mutate so that index_name exists before the
    # gsub below. If "Process" is absent the literal text %{Process} is stored.
    mutate {
      add_tag => [ "analyze" ]
      add_field => { "index_name" => "%{Process}" }
    }

    # Replace space * < > % | ? with "_".
    # NOTE(review): index_name comes from event data. It is not used by the
    # output visible in this file; if it names an Elasticsearch index
    # elsewhere, this class does not cover every character Elasticsearch
    # rejects (for example / \ " , #) -- verify against the consumer.
    mutate {
      gsub => [ "index_name", "[ *<>%|?]", "_" ]
    }

    # Relabel the bytes as ISO-8859-1 (no transcoding) and lower-case them.
    ruby {
      code => 'event.set("index_name", event.get("index_name").to_s.force_encoding("ISO-8859-1").downcase)'
    }

    mutate {
      convert => { "[RunTime]" => "integer" }
      add_tag => [ "processed log" ]
    }

    mutate {
      lowercase => [ "[ItemStatus]" ]
    }
  }

  if "spam_log" in [tags] {
    if "execution ended" in [message] {
      # Summary line: keep it, tag it for the "total" output, and run the
      # external script.
      mutate {
        add_tag => [ "total" ]
      }

      # NOTE(review): the script is not part of this file. It runs inside the
      # Logstash process, so the file and its directory should be writable
      # only by administrators.
      ruby {
        path => "C:/busapps/rrsb/gbl1/logstash/7.0.0/ruby_scripts/remove_env_suffix.rb"
      }
    } else {
      # Every other "spam_log" event is discarded here.
      drop { }
    }
  }
}
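# Output stage: only events tagged "total" (the "execution ended" summaries)
# are indexed, into one index per calendar year. No other output is defined
# in this file, so events without that tag are not shipped from here.
output {
  if "total" in [tags] {
    elasticsearch {
      # No scheme is given, so the plugin talks plain HTTP. That is tolerable
      # only while Elasticsearch stays on the same host; use https and
      # certificate verification if the host ever becomes remote.
      hosts => ["localhost:9200"]
      index => "totalexecution-%{+YYYY}"

      # NOTE(review): "elastic" is the built-in superuser. A dedicated account
      # limited to writing totalexecution-* would contain the damage if this
      # pipeline or its credentials are compromised.
      user => elastic

      # The password is resolved at startup from the Logstash keystore (or an
      # environment variable) named ES_PWD instead of being stored in the
      # config file. The value that used to be written inline here must be
      # treated as exposed and rotated.
      password => "${ES_PWD}"
    }
  }
}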