filter {
  if [service_name] == "quorum" {
    grok {
      match => { "message" => "%{GREEDYDATA:level}\[%{MONTHNUM:monthnum}\-%{DATA:monthday}\|%{TIME:time}\] %{GREEDYDATA:message}" }
      overwrite => [ "message" ]
    }
    mutate {
        add_field => { 
            "timestamp" => "%{monthnum} %{monthday} %{time}"
        }
    }
    date {
      match => [ "timestamp" , "MM dd HH:mm:ss.SSS", "MM dd HH:mm:ss.SSS", "ISO8601"]
      remove_field => [ "timestamp" ]
    }
    mutate {
        remove_field => [ "time" ,"month","monthday","year","timestamp"]
    }
  }
}