filebeat:
  prospectors:
    -
      paths:
        - /var/log/program/program.log*
      input_type: log
      exclude_lines: ["\"msg\":\"[a-z_]+\""]
      include_lines: ["\"event\":\"[a-z_]+\""]
      exclude_files: [".gz$"]
      document_type: event_logs
      fields:
        record_type: "server_logs"
      fields_under_root: true
      scan_frequency: 10s
      tail_files: false

  spool_size: 2048
  idle_timeout: 5s
  # Name of the registry file that tracks sent log lines
  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts: ["logs.example.com:5044"]
    max_retries: -1
    tls:
      # Certificate stuff
      insecure: false

logging:
  # All Default except rotate
  files:
    rotateeverybytes: 10485760 # = 10MB