simulate-access-log-pipeline.json

{
    "pipeline": {
        "description": "Artifactory access.log pipeline",
        "processors": [ 
            {
            "grok": {
                "field": "message",
                "patterns": [ 
                    "%{TIMESTAMP_ISO8601:rtf.access.timestamp} \\[%{DATA:rtf.access.action_resp} %{DATA:rtf.access.action_type}\\] %{DATA:rtf.access.repo_name}\\:%{DATA:rtf.access.file_path}\\s+.* %{USERNAME:rtf.access.username}\/%{IP:rtf.access.client_ip}",
                    "%{TIMESTAMP_ISO8601:rtf.access.timestamp} \\[%{DATA:rtf.access.action_resp} %{DATA:rtf.access.action_type}\\] %{DATA:rtf.access.repo_name}\\:%{DATA:rtf.access.file_path}\\s+.* %{GREEDYDATA:rtf.access.other}",
                    "%{TIMESTAMP_ISO8601:rtf.access.timestamp} \\[%{DATA:rtf.access.action_resp} %{DATA:rtf.access.action_type}\\]  for %{USERNAME:rtf.access.username}\/%{IP:rtf.access.client_ip}"
                ],
                "on_failure" : [
                {
                    "set" : {
                    "field" : "_index",
                    "value" : "failed-access-log-pipeline-{{ _index }}"
                    }
                }
                ]
            }
            },
            {
            "date": {
                "field" : "rtf.access.timestamp",
                "target_field": "@timestamp", 
                "formats" : [ "YYYY-MM-dd HH:mm:ss,SSS" ],
                "timezone" : "Europe/Stockholm",
                "on_failure" : [
                {
                    "set" : {
                    "field" : "_index",
                    "value" : "failed-access-log-pipeline-{{ _index }}"
                    }
                }
                ]
            }
            },
            {
            "remove": {
                "field": "message"
            }
            }
        ]
    },
    "docs": [
        {
        "_index": "index",
        "_type": "_doc",
        "_id": "1",
        "_source": {
            "message": "2018-09-06 08:17:31,105 [ACCEPTED DOWNLOAD] pip-remote-cache:0f/14/e3112808b727f72df9531fc2f00b84d4966e66001748b6883a21c767e902/smmap2-2.0.4-py2.py3-none-any.whl for anonymous/192.168.1.10."
        }
        },
        {
        "_index": "index",
        "_type": "_doc",
        "_id": "2",
        "_source": {
            "message": "2018-09-05 12:00:15,178 [ACCEPTED DELETE] auto-trashcan:something.local/a/b/c/file.jar for _system_."
        }
        },
        {
        "_index": "index",
        "_type": "_doc",
        "_id": "3",
        "_source": {
            "message": "2018-09-10 15:27:10,330 [DENIED LOGIN]  for userid1234/1.2.3.4."
        }
        }
    ]
}