# Author: Justin Henderson
#         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Updated by: Doug Burks
# Last Update: 5/22/2017

filter {
  if [type] == "syslog" { 
    # This drops syslog messages regarding license messages.  You may want to comment it out.
    #if [message] =~ "license" {
    #  drop { }
    #}
	mutate {
		#convert => [ "status_code", "integer" ]
	}
  }  
}