The following is my logstash configuration:

    input {
    beats {
          port => 5044
          client_inactivity_timeout => 120
    }
    }
    filter {
    grok {
    match => {
    "message" => '%{IPORHOST:node_elk_ip} - - \[%{HTTPDATE:[request_info][time]}\] "%{WORD:[request_info][method]} %{DATA:[request_info][API]} HTTP/%{NUMBER:[request_info][http_version]}" %{NUMBER:[request_info][response_status]} %{NUMBER:[request_info][bytes]} "%{DATA:[request_info][referrer]}" "%{DATA:agent}" "%{IP:[user_request][user_IP]}" "%{NUMBER:[user_request][request_time]}" "%{DATA:[user_request][upstream_response_time]}" "%{DATA:[user_request][user_role]}"'
    }
    remove_field => "message"
    }

    geoip {
    source => "[user_request][user_IP]"
    target => "geoip"
    }
    useragent {
    source => "agent"
    target => "user_agent"
    remove_field => "agent"
    }
       
    }
    output {
    #stdout { codec => rubydebug }
    elasticsearch {
    hosts => ["localhost:9200"]
    #sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
    }
    }

---
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB