That is just a cut and paste. I did not give you the full statement. I have pasted the full statement in the messages above that, but obviously it does not show the condition on the output. Here is the full statement for the diagnostic.conf with the condition inserted.
input {
  beats {
    port => "5044"
  }
}
filter {
  if [type] == "diagnostic" {
    # Split each line into a leading ISO8601 timestamp and the remaining text
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}%{GREEDYDATA:message}" }
    }
    # Use the parsed timestamp as the event's @timestamp
    date {
      match => ["timestamp" , "yyyy-MM-dd HH:mm:ss,SSS"]
      target => ["@timestamp"]
    }
  }
}
output {
  # Only events of type "diagnostic" are sent to Elasticsearch
  if [type] == "diagnostic" {
    elasticsearch {
      hosts => ["10.xxx.xxx.xxx:9200"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
    }
  }
}