# Logstash pipeline: ships two Snort log files to Elasticsearch, one daily
# index per log type.

input {
  # Both inputs follow their file for appended lines (tail mode) and tag each
  # event with a `type` that the output section routes on.
  # NOTE(review): start_position is not set, so the plugin default applies and
  # a file seen for the first time is read from its end; alerts written before
  # the first start would not be indexed. Confirm that this is intended.
  file {
    mode => "tail"
    type => "snort-json"
    path => "/usr/share/logstash/ingest_data/alert_json.txt"
  }

  file {
    mode => "tail"
    type => "snort-appid"
    path => "/usr/share/logstash/ingest_data/appid_stats.log"
  }
}

# No filters are configured. With no codec on the inputs either, each log line
# reaches Elasticsearch as plain text in `message`, and @timestamp is the time
# Logstash read the line, not the time Snort wrote it. Keep this in mind when
# building detections or timelines on these indices.
filter {
}

output {
  # Connection settings come from the environment (or the Logstash keystore),
  # so no credentials live in this file.
  # NOTE(review): ELASTIC_HOSTS should hold https:// URLs. With plain http the
  # CA file below is never used and the user/password pair is sent unencrypted.
  # `cacert` is a relative path, so it resolves against the working directory
  # of the Logstash process (TODO confirm for this deployment). Newer releases
  # of the elasticsearch output name this option `ssl_certificate_authorities`.

  if [type] == "snort-json" {
    elasticsearch {
      index    => "snort-json-%{+YYYY.MM.dd}"
      hosts    => "${ELASTIC_HOSTS}"
      user     => "${ELASTIC_USER}"
      password => "${ELASTIC_PASSWORD}"
      cacert   => "certs/ca/ca.crt"
    }
  }

  if [type] == "snort-appid" {
    elasticsearch {
      index    => "snort-appid-%{+YYYY.MM.dd}"
      hosts    => "${ELASTIC_HOSTS}"
      user     => "${ELASTIC_USER}"
      password => "${ELASTIC_PASSWORD}"
      cacert   => "certs/ca/ca.crt"
    }
  }
}