
Logstash

Last Updated: Mar. 30, 2022

Coralogix provides seamless integration with Logstash so you can send your logs from anywhere and parse them according to your needs.

Prerequisites

Have Logstash installed. For more information, see How to Install Logstash.

Usage

We recommend using the generic http output plugin. It is highly configurable and supports metrics for monitoring the output.

Installation

First, use a ruby code segment to capture the structure of the event flowing through Logstash.
If you want a “dynamic” application and subsystem, this is the place to make sure they are set.
In this example we assume the JSON structure of the message has both the application and subsystem fields. Those fields can also be generated by Logstash filters.
If you want them to remain static, replace the event.get call with a plain string.

filter {
  ruby {code => "
                event.set('[@metadata][application]', event.get('application'))
                event.set('[@metadata][subsystem]', event.get('subsystem'))
                event.set('[@metadata][event]', event.to_json)
                "}
}
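
One way to give the dynamic application and subsystem described above a static fallback, as an added example that is not Coralogix's own code: event.get returns nil when a field is absent, so the filter body substitutes a default. `StubEvent` is a hypothetical stand-in for the Logstash event API, and the `unknown-*` names and sample events are assumptions.

```ruby
require 'json'

# Hypothetical stand-in for the Logstash event API (get/set/to_json only),
# so the filter body can be exercised outside Logstash.
class StubEvent
  def initialize(data)
    @data = data
    @metadata = {}
  end

  def get(ref)
    store, key = locate(ref)
    store[key]
  end

  def set(ref, value)
    store, key = locate(ref)
    store[key] = value
  end

  # As in Logstash, @metadata is left out of the serialized event.
  def to_json(*_args)
    JSON.generate(@data)
  end

  private

  # Only top-level fields and [@metadata][name] references are supported.
  def locate(ref)
    m = ref.match(/\A\[@metadata\]\[(\w+)\]\z/)
    m ? [@metadata, m[1]] : [@data, ref]
  end
end

# Filter body: the same three event.set calls as the page, plus a static
# fallback when a field is absent or blank. Fallback names are assumptions.
FILTER = lambda do |event|
  app = event.get('application').to_s.strip
  sub = event.get('subsystem').to_s.strip
  event.set('[@metadata][application]', app.empty? ? 'unknown-application' : app)
  event.set('[@metadata][subsystem]', sub.empty? ? 'unknown-subsystem' : sub)
  event.set('[@metadata][event]', event.to_json)
end

# Constructed sample events: one with both routing fields, one with neither.
full = StubEvent.new('application' => 'billing', 'subsystem' => 'api', 'message' => 'ok').tap(&FILTER)
bare = StubEvent.new('message' => 'no routing fields').tap(&FILTER)
puts full.get('[@metadata][application]'), bare.get('[@metadata][application]')
```

The body of `FILTER` uses only single-quoted strings, so it can be placed inside the double-quoted code => value of the ruby filter.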

Once the event is ready, configure the output itself to send the logs.

output {
    http {
        url => "<your cluster singles url>"
        http_method => "post"
        headers => ["private_key", "<your cluster's private key>"]
        format => "json_batch"
        codec => "json"
        mapping => {
            "applicationName" => "%{[@metadata][application]}"
            "subsystemName" => "%{[@metadata][subsystem]}"
            "computerName" => "%{host}"
            "text" => "%{[@metadata][event]}"
        }
        http_compression => true
        automatic_retries => 5
        retry_non_idempotent => true
        connect_timeout => 30
        keepalive => false
    }
}

Parameters and descriptions

Depending on your account's geographic location, provide the matching URL in the configuration above:

Cluster Name    URL
EU              https://api.coralogix.com/logs/rest/singles
EU2             https://api.eu2.coralogix.com/logs/rest/singles
US              https://api.coralogix.us/logs/rest/singles
SG              https://api.coralogixsg.com/logs/rest/singles
IN              https://api.app.coralogix.in/logs/rest/singles

If you have any questions or need additional guidance, our support team is available 24/7 via our in-app chat!
