Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Start Free Trial Request Demo
Back to All Integrations

Logstash Logstash

Last Updated: Feb. 07, 2023

Coralogix provides seamless integration with Logstash so you can send your logs from anywhere and parse them according to your needs.

Prerequisites

Have Logstash installed, for more information on How to Install Logstash

Usage

We recommend using the generic http output plugin. It allows for a very high level of Configurability and with metric support to monitor the output.

Installation

First we need to use a ruby code segment to share the event structure flowing through the logstash.
If you wish to have a “Dynamic” Application and Subsystem, this is the place to make sure they are set.
In this example we assume the message is in JSON structure and has these fields: application, subsystem and host.

filter {
  ruby {code => "
                event.set('[@metadata][application]', event.get('application'))
                event.set('[@metadata][subsystem]', event.get('subsystem'))
                event.set('[@metadata][event]', event.to_json)
                event.set('[@metadata][host]', event.get('host'))
                "}
}

If you wish them to be remain static you may wish to replace the event.get with a plain string, for example:

filter {
  ruby {code => "
                event.set('[@metadata][application]', MyApplicationName)
                event.set('[@metadata][subsystem]', MySubsystemName)
                event.set('[@metadata][event]', event.to_json)
                event.set('[@metadata][host]', event.get('host'))
                "}
}

Once the Event is ready we need to configure the output itself to send the logs. Input your private key.

output {
	http {
        url => "<your cluster singles url>"
        http_method => "post"
        headers => ["private_key", "<your cluster's private key>"]
        format => "json_batch"
        codec => "json"
        mapping => {
            "applicationName" => "%{[@metadata][application]}"
            "subsystemName" => "%{[@metadata][subsystem]}"
            "computerName" => "%{[@metadata][host]}"
            "text" => "%{[@metadata][event]}"
        }
        http_compression => true
        automatic_retries => 5
        retry_non_idempotent => true
        connect_timeout => 30
        keepalive => false
        }
}

Parameters and descriptions

Depending on your accounts geo location you will need to provide a url to the configuration above:

Cluster NameURL
EUhttps://api.coralogix.com/logs/rest/singles
EU2https://api.eu2.coralogix.com/logs/rest/singles
UShttps://api.coralogix.us/logs/rest/singles
SGhttps://api.coralogixsg.com/logs/rest/singles
INhttps://api.app.coralogix.in/logs/rest/singles

If you have any questions or need additional guidance, our support team is available 24/7 via our in-app chat!

On this page