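---
# Filebeat shipper configuration: follows the program log, keeps only
# structured "event" records, and forwards them to a Logstash endpoint.
filebeat:
  prospectors:
    - paths:
        # The trailing glob also matches rotated files next to program.log.
        - /var/log/program/program.log*
      input_type: log
      # Both line filters are unanchored regexes matched anywhere in a line.
      # NOTE(review): Filebeat documents include_lines as applied before
      # exclude_lines whatever the key order, so a line carrying both an
      # "event" pair and a "msg" pair is dropped - confirm that is intended,
      # since dropped lines never reach the central log store.
      exclude_lines:
        - '"msg":"[a-z_]+"'
      include_lines:
        - '"event":"[a-z_]+"'
      # Skip compressed rotations picked up by the glob above. The dot is
      # escaped so only a literal ".gz" suffix matches, not any character
      # followed by "gz".
      exclude_files:
        - '\.gz$'
      document_type: event_logs
      # Extra field attached to every event from this prospector.
      fields:
        record_type: 'server_logs'
      # Put the extra field at the top level of the event, not under "fields".
      fields_under_root: true
      scan_frequency: 10s
      # false: start at the beginning of each file, so existing lines ship too.
      tail_files: false

  # Event count spool threshold - forces network flush if exceeded
  spool_size: 2048

  # Defines how often the spooler is flushed, regardless of spool size
  idle_timeout: 5s

  # Name of the registry file that tracks sent log lines
  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts:
      - 'logs.example.com:5044'
    # Negative value: keep retrying instead of dropping events after a
    # publishing failure.
    max_retries: -1
    tls:
      # Keep server certificate verification on; never set this to true
      # outside a throwaway test setup.
      # NOTE(review): no certificate_authorities list is given, so trust
      # presumably falls back to the host's CA store, and no client
      # certificate is configured, so Logstash cannot authenticate this
      # shipper by certificate - confirm both are intended.
      insecure: false

logging:
  # Send all logging output to syslog. On Windows default is false,
  # otherwise true
  #to_syslog: true

  # Write all logging output to files
  #to_files: false

  # To enable logging to files, to_files option has to be set to true
  files:
    # The directory where the log files will be written to.
    #path: /var/log/mybeat

    # The name of the files where the logs are written to.
    #name: mybeat

    # Configure log file size limit. If limit is reached, log file will be
    # automatically rotated
    rotateeverybytes: 10485760  # = 10MB

    # Number of rotated log files to keep. Oldest files will be deleted first.
    #keepfiles: 7

  # Enable debug output for selected components. To enable all selectors
  # use ["*"]
  # Other available selectors are beat, publish, service
  # Multiple selectors can be chained.
  #selectors: [ ]

  # Available log levels (default error): critical, error, warning, info, debug
  #level: error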