input {
    file {
        path => "E:/ELK/alerts.json"
        start_position => "beginning"
        sincedb_path => "NUL"
    }
}

filter {
    json {
        source => "message"
    }
    mutate {
        convert => { 
            "src_port" => "integer"
            "dst_port" => "integer"
            "priority" => "integer"
        }
        gsub => ["timestamp", "\d{3}$", ""]
    }
    date {
        match => [ "timestamp", "yy/MM/dd-HH:mm:ss.SSS" ]
    }
    geoip { source => "src_addr" }
}

output {
    elasticsearch {
        hosts => "http://localhost:9200"
        index => "logstash-snort3j"
    }
    stdout { }
}

