Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Start Free Trial Request Demo
Back to All Docs

Logstash Logstash

Last Updated: Jun. 29, 2023

Coralogix provides seamless integration with Logstash, so you can send your logs from anywhere and parse them according to your needs.

Prerequisites

Install Logstash.

Usage

We recommend using the generic http output plugin. It allows for a very high level of Configurability and with metric support to monitor the output.

Installation

First we need to use a ruby code segment to share the event structure flowing through the logstash.
If you wish to have a “Dynamic” Application and Subsystem, this is the place to make sure they are set.
In this example we assume the message is in JSON structure and has these fields: application, subsystem and host.

filter {
  ruby {code => "
                event.set('[@metadata][application]', event.get('application'))
                event.set('[@metadata][subsystem]', event.get('subsystem'))
                event.set('[@metadata][event]', event.to_json)
                event.set('[@metadata][host]', event.get('host'))
                "}
}

If you wish them to be remain static you may wish to replace the event.get with a plain string, for example:

filter {
  ruby {code => "
                event.set('[@metadata][application]', MyApplicationName)
                event.set('[@metadata][subsystem]', MySubsystemName)
                event.set('[@metadata][event]', event.to_json)
                event.set('[@metadata][host]', event.get('host'))
                "}
}

Once the Event is ready we need to configure the output itself to send the logs. Input your Send-Your-Data API key.

output {
	http {
        url => "<your cluster singles url>"
        http_method => "post"
        headers => ["private_key", "<your cluster's private key>"]
        format => "json_batch"
        codec => "json"
        mapping => {
            "applicationName" => "%{[@metadata][application]}"
            "subsystemName" => "%{[@metadata][subsystem]}"
            "computerName" => "%{[@metadata][host]}"
            "text" => "%{[@metadata][event]}"
        }
        http_compression => true
        automatic_retries => 5
        retry_non_idempotent => true
        connect_timeout => 30
        keepalive => false
        }
}

Parameters and Descriptions

Select the Coralogix logs endpoint associated with your Coralogix domain.

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page