filebeat.inputs:-type:unixid:"NDPId-logs"# replace this index to your preferencemax_message_size:100MiBindex:"index-name"# Replace this with your desired index name in Elasticsearchenabled:truepath:"/var/run/nDPId.sock"# point nDPId to this Unix Socket (Collector)processors:-script:# execute javascript to remove the first 5-digit-number and also the Newline at the endlang:javascriptid:trimsource:>function process(event) {event.Put("message", event.Get("message").trim().slice(5)); }-decode_json_fields:# Decode the Json outputfields:["message"]process_array:truemax_depth:10target:""overwrite_keys:trueadd_error_key:false-drop_fields:# Deletes the Message field, which is the undecoded json (You may comment this out if you need the original message)fields:["message"]-rename:fields:-from:"source"# Prevents a conflict in Elasticsearch and renames the fieldto:"Source_Interface"