Once logstash server was started i could see how it was parsing logs and posting them in elasticsearch. For example for the following log statement
java -jar logstash-1.3.2-flatjar.jar agent -f httpaccess.conf
I could see logstash converting it into following JSON before posting it into elasticsearch
22.214.171.124 - - [31/Aug/2011:08:35:17 -0700] "GET /favicon.ico HTTP/1.1" 200 3935 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10"