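# Logstash filter stage for web server logs shipped by Beats.
# Two event types are handled: "web_access_log" (combined access log format)
# and "web_error_log" (httpd error log). Events of any other type pass through
# with only the Beats codec tag removed.
filter {
  # Drop the bookkeeping tag added by the Beats input codec.
  if "beats_input_codec_plain_applied" in [tags] {
    mutate {
      remove_tag => ["beats_input_codec_plain_applied"]
    }
  }

  if [type] == "web_access_log" {
    # Strip shipper metadata that is not wanted in the stored event.
    mutate {
      remove_field => [ "beat", "input_type", "offset", "source", "fields", "count" ]
    }

    # remove_field/add_field on a filter only run when the filter succeeds, so
    # a line that does not match keeps its raw "message" (and gets the
    # _grokparsefailure tag) for later inspection.
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
      remove_field => ["message"]
      add_field => [ "received_at", "%{@timestamp}" ]
    }

    # NOTE(review): GeoLiteCity.dat is the legacy GeoIP database format; newer
    # releases of the geoip filter expect a GeoIP2 .mmdb file. Verify against
    # the deployed plugin version.
    geoip {
      source => "clientip"
      target => "geoip"
      database => "/etc/logstash/GeoLiteCity.dat"
    }

    # The original "timestamp" is dropped here, on successful parsing only.
    # If parsing fails the event keeps "timestamp" alongside the
    # _dateparsefailure tag, so the request time is not silently replaced by
    # the ingestion time held in @timestamp.
    # The pattern carries an explicit offset (Z); "timezone" should only
    # matter for values without one.
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      timezone => "Asia/Jakarta"
      target => "@timestamp"
      remove_field => [ "timestamp" ]
    }

    mutate {
      convert => {
        "[geoip][location]" => "float"
        "[bytes]" => "integer"
      }
      rename => {
        "httpversion" => "http_version"
        "verb" => "method"
        "clientip" => "remote_ip"
      }
    }

    # The user-agent string (like the request line and referrer) is supplied
    # by the client; treat the parsed values as untrusted when they are
    # displayed or used in alert logic.
    useragent {
      source => "agent"
      target => "user_agent"
      remove_field => ["agent"]
    }
  }

  if [type] == "web_error_log" {
    # Strip shipper metadata that is not wanted in the stored event.
    mutate {
      remove_field => [ "beat", "input_type", "offset", "source", "fields", "count" ]
    }

    # As above: the raw "message" is only removed when the pattern matches.
    grok {
      match => { "message" => "%{HTTPD_ERRORLOG}" }
      remove_field => ["message"]
      add_field => [ "received_at", "%{@timestamp}" ]
    }

    # httpd 2.4 writes error-log timestamps with microseconds
    # ("Wed Oct 11 14:32:52.123456 2017"), which the seconds-only format does
    # not parse; both layouts are accepted. "timestamp" is removed on success
    # only, so an unparseable value stays on the event for investigation.
    date {
      match => [ "timestamp", "EEE MMM dd HH:mm:ss.SSSSSS YYYY", "EEE MMM dd HH:mm:ss YYYY" ]
      timezone => "Asia/Jakarta"
      target => "@timestamp"
      remove_field => [ "timestamp" ]
    }

    mutate {
      rename => { "clientip" => "remote_ip" }
    }
  }
}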