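# Vector pipeline: tail the system syslog file, normalise each line with VRL,
# and ship the result to Elasticsearch.
# The `{{ ... }}` placeholders are not TOML interpolation (TOML has none);
# they are filled in by the templating tool that renders this file before
# Vector reads it, so the rendered file on disk carries the credentials in
# clear text and should be protected accordingly.

[sources.syslog_file_logs]
type = "file"
include = ["/var/log/syslog"]
# "end": on the very first start only lines written after startup are read;
# later starts resume from the file checkpoint, so existing history is never
# back-filled.
read_from = "end"

[transforms.parse_syslog_file_logs]
type = "remap"
inputs = ["syslog_file_logs"]
source = '''
source_file = .file
source_syslog_message = .message

# A line that does not parse as syslog is aborted, i.e. dropped from the
# pipeline entirely (it is not routed anywhere unless reroute_dropped is
# enabled on this transform).
syslog_message, err = parse_syslog(source_syslog_message)
if err != null {
  abort
}

# Rebuild the event from scratch: everything the file source and
# parse_syslog produced (e.g. hostname, severity, appname) is intentionally
# discarded below except the message text and the source file.
. = {}
# Ingestion time, not the timestamp carried in the syslog line
# (syslog_message.timestamp); use the parsed value instead if event time
# matters for correlation.
.timestamp = now()
.message = syslog_message.message
.file = source_file
# Per-event id so the sink's id_key names a field that actually exists on
# the event; without it Elasticsearch would simply assign its own _id.
.event_uuid = uuid_v4()
'''

[sinks.syslog_file_to_es]
type = "elasticsearch"
inputs = ["parse_syslog_file_logs"]
compression = "none"
healthcheck = true
auth.strategy = "basic"
auth.user = "{{ elastic_login }}"
auth.password = "{{ elastic_password }}"
endpoint = "{{ elastic_url }}"
# Older key name; newer Vector releases spell this bulk.index — confirm
# against the installed version.
normal.index = "system-logs"
# Must name a field present on the event (set by the remap transform above).
id_key = "event_uuid"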