filter {
    # grok log lines by program name
    if [program] == 'amavis' {
        grok {
            patterns_dir   => "/etc/logstash/patterns.d"
            match          => [ "message", "%{AMAVIS}" ]
            tag_on_failure => [ "_grok_amavis_nomatch" ]
            add_tag        => [ "_grok_amavis_success" ]
        }
    }

    # Do some data type conversions
    mutate {
        convert => [
            # list of integer fields
            "amavis_size", "integer",
            "amavis_duration", "integer",

            # list of float fields
            "amavis_hits", "float"
        ]
    }
}