Update 10-pf.conf

conf.d/10-pf.conf

 # 10-pf.conf
 filter {
   if "pf" in [tags] {
-    date {
-       match => [ "timestamp", " MMM dd HH:mm:ss" ]
-       target => "@timestamp"
-    }
     grok {
-        patterns_dir => ["/etc/logstash/conf.d/patterns"]
-        match => [ "message", "%{PFSENSE}", "message", "%{OPNSENSE}" ]
+      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+      add_field => [ "received_from", "%{host}" ]
+    }
+    date {
+      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
+      locale => "en"
     }
     mutate {
       replace => [ "message", "%{msg}" ]