logstash解析tomcat的catalina.out日志字段

filter {
    mutate {
        remove_field => ["@version","prospector","input","beat","source","offset"]
    }
    grok {
        match => {
            "message" => "%{TIMESTAMP_ISO8601:access_time} %{LOGLEVEL:loglevel} [%{DATA:exception_info}] - <%{MESSAGE:message}>"
        }
        pattern_definitions => {
            "MESSAGE" => "[sS]*"
        }
    }
    date {
        match => [ "access_time","yyyy-MM-dd HH:mm:ss,SSS" ]
    }
    mutate {
        remove_field => ["access_time","[message][0]"]
    }
}