diff --git a/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf b/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
new file mode 100644
index 0000000000000000000000000000000000000000..5df0cd92bd32625a1eb91220bf4e7a9827799523
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
@@ -0,0 +1,14 @@
+filter {
+ if [program] == "tango-rest" {
+ grok {
+ match => {
+ "message" => "%{TIMESTAMP_ISO8601:timestamp} %{WORD:level} %{GREEDYDATA:message}"
+ }
+ "overwrite" => [ "timestamp", "level", "message" ]
+ }
+ date {
+ match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
+ timezone => "UTC"
+ }
+ }
+}
diff --git a/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf b/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
new file mode 100644
index 0000000000000000000000000000000000000000..4be7853e646afa2e6d272a78fb6cdc660c56cabc
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
@@ -0,0 +1,23 @@
+filter {
+ if [program] == "archiver-maria-db" {
+ grok {
+ match => {
+ "message" => [
+ "%{TIMESTAMP_ISO8601:timestamp} .%{WORD:level}. %{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:timestamp} 0 .%{WORD:level}. %{GREEDYDATA:message}"
+ ]
+ }
+ "overwrite" => [ "timestamp", "level", "message" ]
+ }
+ mutate {
+ gsub => [
+ "level", "Note", "Info"
+ ]
+ uppercase => [ "level" ]
+ }
+ date {
+ match => [ "timestamp", "YYYY-MM-dd HH:mm:ssZZ", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd H:mm:ss" ]
+ timezone => "UTC"
+ }
+ }
+}
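Review bot: The grok expression in the tango-rest block is not anchored, so it may match at any offset inside `message` rather than only at the start of the record. If a line's real prefix does not parse (a continuation line, for instance) but a timestamp-and-word sequence appears later in it, possibly from a logged request value, then `timestamp`, `level` and `message` are taken from that embedded text and `overwrite` drops everything before it. Anchoring the pattern, `"message" => "^%{TIMESTAMP_ISO8601:timestamp} %{WORD:level} %{GREEDYDATA:message}"`, ties the parsed level and time to the start of the line and lets non-matching lines fail quickly. The same applies to both patterns in 23-parse-archiver-maria-db.conf.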
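Review bot: The second pattern in the archiver-maria-db grok hard-codes the token between the timestamp and the level as a literal `0`, so a line with any other number there matches neither pattern and ends up tagged `_grokparsefailure` with no `level`. If that token is the server's thread id, which the format suggests but the hunk does not state, connection-scoped warnings such as aborted connections or denied logins would be the ones left unparsed, and those are the lines a `level`-based alert most needs. Matching a number and escaping the brackets, `"%{TIMESTAMP_ISO8601:timestamp} %{NONNEGINT:thread_id} \[%{WORD:level}\] %{GREEDYDATA:message}"`, covers them and replaces the `.` wildcards that currently accept any character around the level.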