filter {
  if "rabbitmq" in [tags] {
    if [message] == "" {
      drop { }
    }
    grok {
      match => { "message" => "^\=%{LOGLEVEL:loglevel} REPORT\=\=\=\= %{MONTHDAY:event_day}\-%{MONTH:event_month}\-%{YEAR:event_year}\:\:%{TIME:event_time} \=\=\=\n%{GREEDYDATA:logmessage}" }
    }

    mutate {
      replace => { "module" => "rabbitmq" }
      add_field => { "timestamp" => "%{event_day} %{event_month} %{event_year} %{event_time}" }
    }

    date {
      match => [ "timestamp", "dd MMM YYYY HH:mm:ss" ]
      remove_field => [ "event_day", "event_month", "event_year", "event_time", "timestamp" ]
    }
  }
}