filter {
  if "elasticsearch" in [tags] {
    grok {
      match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{LOGLEVEL:loglevel}\s*\]\[%{NOTSPACE:module}\s*\] %{GREEDYDATA:logmessage}" }
    }
    mutate {
      replace => { "module" => "elasticsearch.%{module}" }
    }
  }
}