filter {
  if "heat" in [tags] {
    if [module] == "eventlet.wsgi.server" {
      if "accepted" not in [logmessage] {
        mutate {
          gsub => ['logmessage',"\"",""]
        }
        grok {
          match => { "logmessage" => "\[%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE}\] %{NOTSPACE:requesterip} %{NOTSPACE} %{NOTSPACE} \[%{NOTSPACE:req_date} %{NOTSPACE:req_time}\] %{NOTSPACE:verb} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} %{NUMBER:response} %{NUMBER:bytes} %{BASE10NUM:httptime}" }
          add_tag => ["apimetrics"]
        }
      }
      mutate {
        replace => { "module" => "heat.%{module}" }
      }
    } else if [module] == "heat.engine.service" {
      grok {
        match => { "logmessage" => "\[%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{GREEDYDATA:servicemessage}" }
        add_tag => ["apimetrics"]
      }
    }
  }
}