remove unnecessary groks

resources/elk6/pipeline/2000_qualys_web_scans.conf

@@ -6,11 +6,19 @@
 
 input {
   file {
-    path => [ "/opt/VulnWhisperer/data/qualys/*.json" , "/opt/VulnWhisperer/data/qualys_web/*.json", "/opt/VulnWhisperer/data/qualys_vuln/*.json"] 
-    type => json
+    path => [ "/opt/VulnWhisperer/data/qualys_vuln/*.json" ] 
     codec => json
     start_position => "beginning"
-    tags => [ "qualys" ]
+    tags => [ "qualys_vuln" ]
+    mode => "read"
+    start_position => "beginning"
+    file_completed_action => "delete"
+  }
+  file {
+    path => [ "/opt/VulnWhisperer/data/qualys_web/*.json" ] 
+    codec => json
+    start_position => "beginning"
+    tags => [ "qualys_web" ]
     mode => "read"
     start_position => "beginning"
     file_completed_action => "delete"
@@ -25,11 +33,6 @@ filter {
       remove_field => ["scan_time"]
     }
 
-    grok {
-      match => { "path" => [ "(?<tags>qualys_vuln)_scan_%{DATA}_%{INT}.json$", "(?<tags>qualys_web)_%{INT:app_id}_%{INT}.json$" ] }
-      tag_on_failure => []
-    }
-
     if "qualys_web" in [tags] {
       mutate {
         add_field => { "asset" => "%{web_application_name}" }