path => "/var/log/test.log"
start_position => "beginning"
pattern => "^%{TIMESTAMP_ISO8601}"
The pattern looks for log lines starting with a timestamp and, until a new match is found, all lines are considered part of the event. This is done by setting the negate parameter to true.
Parsing logs means adding a new section to the config file:
match => [ "message", "(?m)%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} %{GREEDYDATA:message}" ]
overwrite => [ "message" ]
match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss,SSS" ]
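The multiline grouping, grok parsing and date steps described above, emulated in Python as an added example (not the page's own Logstash configuration). It assumes that non-matching lines are attached to the previous event, uses simplified regexes in place of the TIMESTAMP_ISO8601 and LOGLEVEL grok patterns, and runs on constructed sample log lines.

```python
import re
from datetime import datetime

# Simplified stand-ins for the grok patterns named on the page (assumption:
# narrowed to the "yyyy-MM-dd HH:mm:ss,SSS" layout the date step expects).
TIMESTAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
LOGLEVEL = r"TRACE|DEBUG|INFO|WARN|ERROR|FATAL"
START = re.compile("^" + TIMESTAMP)
# Grok's (?m) lets GREEDYDATA cross newlines; Python spells that re.DOTALL.
EVENT = re.compile(
    rf"(?P<timestamp>{TIMESTAMP}) (?P<severity>{LOGLEVEL}) (?P<message>.*)",
    re.DOTALL,
)

def group_events(lines):
    """Multiline step: a line that does NOT start with a timestamp
    (negate set to true) is appended to the event before it."""
    events = []
    for line in lines:
        if START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def parse_event(event):
    """Grok + date step: split the fields, overwrite message, parse the time."""
    m = EVENT.match(event)
    if m is None:
        return {"message": event, "tags": ["_grokparsefailure"]}
    fields = m.groupdict()
    # Same layout as the page's date pattern "yyyy-MM-dd HH:mm:ss,SSS".
    fields["@timestamp"] = datetime.strptime(
        fields["timestamp"], "%Y-%m-%d %H:%M:%S,%f")
    return fields

# Constructed sample input: two single-line entries and one stack trace.
SAMPLE = """2024-03-01 10:15:02,123 INFO Login succeeded for user alice
2024-03-01 10:15:07,456 ERROR Unhandled exception in request handler
java.lang.IllegalStateException: session expired
    at com.example.Auth.check(Auth.java:42)
2024-03-01 10:15:09,001 WARN Retrying request""".splitlines()

if __name__ == "__main__":
    for ev in map(parse_event, group_events(SAMPLE)):
        print(ev["@timestamp"], ev["severity"], repr(ev["message"]))
```

Without the dot-matches-newline flag, the message field of the stack-trace event would stop at the end of its first line and the trace would be lost from the parsed field.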