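# Filter stage for Monolog events emitted by the "sigelar" application's "sync"
# component. It tags each event with its queue thread number (taken from the
# log file path), splits the Monolog line into timestamp / env / severity /
# text, re-stamps @timestamp from the log line, and drops helper fields.
filter {
  if [type] == "monolog" {
    if [app_name] == "sigelar" and [app_component] == "sync" {

      # Extract the queue thread number from a path such as
      # .../sync-queue_<N>-<YYYY>-<MM>-<DD>.log (constructed example).
      # add_tag lives inside this grok so it only fires on a successful match.
      # In a separate mutate, a non-matching path would leave the placeholder
      # unresolved and tag the event with the literal "que_%{que_thread_num}".
      grok {
        match => { "source" => "%{GREEDYDATA}/sync-queue_%{NUMBER:que_thread_num}-%{YEAR}-%{MONTHNUM}-%{MONTHDAY}.log" }
        add_tag => [ "que_%{que_thread_num}" ]
      }

      # Split "[timestamp] env.SEVERITY: text" into fields. received_at keeps
      # the ingest time, because the date filter below overwrites @timestamp.
      # NOTE(review): GREEDYDATA does not cross newlines unless (?m) is set; if
      # multi-line Monolog records are joined upstream, logmsg would hold only
      # the first line - confirm against the shipper configuration.
      grok {
        match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{DATA:env}\.%{DATA:severity}: %{GREEDYDATA:logmsg}" }
        add_field => [ "received_at", "%{@timestamp}" ]
      }

      # Use the application's own timestamp as the event time. Log lines carry
      # no zone, so they are interpreted as Asia/Jakarta local time.
      date {
        match => [ "timestamp", "YYYY-MM-dd HH:mm:ss" ]
        timezone => "Asia/Jakarta"
        target => "@timestamp"
      }

      # Replace the raw line with the parsed text only when parsing produced
      # it. Without this guard, an event that failed the grok above has its
      # original message overwritten by the literal string "%{logmsg}", which
      # destroys exactly the lines an analyst needs to inspect by hand.
      if [logmsg] {
        mutate {
          replace => { "message" => "%{logmsg}" }
        }
      }

      # Drop helper and shipper fields. "source" is removed here, so the que_<N>
      # tag is the only remaining trace of which log file the event came from.
      mutate {
        remove_field => [ "que_thread_num", "timestamp", "source", "logmsg", "beat", "offset", "input_type", "count" ]
      }
    }
  }
}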