input {
file {
type => “log”
path => “/var/log/appuser/ZM*/*.log”
codec => json{
charset => “UTF-8”
}
sincedb_path => “/opt/logstash/sincedb/app_log”
discover_interval => 5
start_position => “beginning”
}
}

output {
elasticsearch {
hosts => [“http://ip:port”, “http://ip:port”, “http://ip:port”]
index => “logs_%{+YYYY.MM.dd}”
#type => “log”
#user => “elastic”
#password => “*****”
}
}