# Graylog resources that turn Kibana's JSON log lines (arriving via journald)
# into structured `kibana_*` fields. The top-level `resource` attribute and the
# escaped `\${...}` reference suggest this is rendered to Terraform
# configuration (e.g. by terranix) -- presumably; confirm against the build.
with builtins;
{
  # Attach the `kibana` pipeline to the connection named `journald`.
  # `\${` is escaped so Nix emits the reference literally instead of
  # interpolating it.
  # NOTE(review): no stream_id is set in this file; presumably another module
  # contributes it to the same `journald` connection -- confirm.
  resource.graylog_pipeline_connection.journald.pipeline_ids = [ "\${graylog_pipeline.kibana.id}" ];

  # Two stages: stage 10 explodes the JSON log line into fields, stage 11
  # promotes the human-readable text back into `message`.
  # NOTE(review): the pipeline names its rules by title inside the source
  # string, so nothing here creates a dependency on the graylog_pipeline_rule
  # resources below. Confirm the apply order is acceptable, or add an explicit
  # dependency.
  resource.graylog_pipeline.kibana.source = '' pipeline "kibana : parsing" stage 10 match either rule "kibana : parse level 1" stage 11 match either rule "kibana : parse message" end '';

  resource.graylog_pipeline_rule = {
    # Applies only to messages whose systemd_unit is kibana.service: parses
    # `message` as JSON and sets one `kibana_`-prefixed field per map entry.
    # NOTE(review): the resulting field names are taken from log content, not
    # from an allow-list. Confirm the set of keys Kibana emits is bounded and
    # that none of them carries credentials or session material before it is
    # indexed.
    kibanaLevel1 = {
      source = '' rule "kibana : parse level 1" when has_field("systemd_unit") && ($message.systemd_unit == "kibana.service") then let parsedJson = parse_json(to_string($message.message)); set_fields(to_map(parsedJson),"kibana_"); end '';
    };

    # Expands `kibana_req` (JSON) into `kibana_req_*` fields.
    # NOTE(review): no stage of the pipeline defined in this file references
    # "kibana : parse request", so this rule does not run through it. If it is
    # wired in later, review which request attributes end up as searchable
    # fields first.
    kibanaLevelRequest = {
      source = '' rule "kibana : parse request" when has_field("kibana_req") then let parsedJson = parse_json(to_string($message.kibana_req)); set_fields(to_map(parsedJson),"kibana_req_"); end '';
    };

    # Expands `kibana_res` (JSON) into `kibana_res_*` fields.
    # NOTE(review): like "kibana : parse request", this rule is not referenced
    # by any stage of the pipeline defined in this file.
    kibanaLevelResponse = {
      source = '' rule "kibana : parse response" when has_field("kibana_res") then let parsedJson = parse_json(to_string($message.kibana_res)); set_fields(to_map(parsedJson),"kibana_res_"); end '';
    };

    # Replaces `message` with the text extracted into `kibana_message`.
    # NOTE(review): none of the rules here copies the original `message` value
    # to another field before it is overwritten. If the raw log line is needed
    # for investigations, confirm it is retained elsewhere.
    kibanaLevelMessage = {
      source = '' rule "kibana : parse message" when has_field("kibana_message") then set_field("message", $message.kibana_message); end '';
    };
  };
}