Receive multiple Logstash inputs with TCP, UDP and Beats

pipelines.yml

- pipeline.id: pcf
  path.config: "/etc/logstash/conf.d/syslog.conf"
- pipeline.id: vm
  path.config: "/etc/logstash/conf.d/vmlog.conf"

vmlog.conf

input {
	beats {
    port => 5044
    type => 3dlog
  }
}

filter {}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logs-%{+yyyy.MM.dd}"
  }
}

syslog.conf

input {
  tcp {
    port => 5041
    type => syslog
  }
  udp {
    port => 5041
    type => syslog
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => {
        "message" => [
          "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:timestamp}|-) +(?:%{HOSTNAME:host_app}|-) +(?:%{NOTSPACE:syslog5424_app}|-) +(?:%{NOTSPACE:syslog5424_proc}|-) - \[(?:%{GREEDYDATA:syslog_tags})\"\] +%{TIMESTAMP_ISO8601:time} +%{LOGLEVEL:logLevel} +%{INT:logLevelNo} +%{GREEDYDATA:scheduling}] +%{GREEDYDATA:logMessage}",
          "(?:%{HOSTNAME:host_app}|-) +(?:%{NOTSPACE:syslog5424_app}|-) +(?:%{NOTSPACE:syslog5424_proc}|-) +(?:%{NOTSPACE}|) \[(?:%{GREEDYDATA:syslog_tags})\"\] +(?:%{HOSTNAME:app_host}) +(?:%{NOTSPACE}|) +(?:%{GREEDYDATA:logMessage})",
          "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:logMessage}"
        ]
      }
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
    kv {
      source => "syslog_tags"
      field_split => " "
      value_split => "="
      remove_char_key => "<>\[\],"
      remove_char_value => "<>\[\],"
      trim_key => "<>\[\],"
      trim_value => "<>\[\],"
      include_brackets => false
    }
    if !("_grokparsefailure" in [tags]) {
      mutate {
        rename => [ "source_host", "syslog_hostname" ]
        rename =>[ "message", "syslog_message" ]
      }
    }
    mutate {
      remove_field => [ "syslog_hostname", "syslog_message", "syslog_tags", "syslog_timestamp" ]
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "app-logs-%{+yyyy.MM.dd}"
  }
}