Coralogix provides seamless integration with Logstash so you can send your logs from anywhere and parse them according to your needs.
Have Logstash installed. For more information, see How to Install Logstash.
We recommend using the generic http output plugin. It is highly configurable and includes metric support for monitoring the output.
First, we need a ruby code segment to share the structure of the event flowing through Logstash.
If you wish to have a “Dynamic” Application and Subsystem, this is the place to make sure they are set.
In this example we assume the message is in JSON structure and has these fields: application, subsystem and host.
```
filter {
  ruby {
    code => "
      event.set('[@metadata][application]', event.get('application'))
      event.set('[@metadata][subsystem]', event.get('subsystem'))
      event.set('[@metadata][event]', event.to_json)
      event.set('[@metadata][host]', event.get('host'))
    "
  }
}
```
If you want them to remain static, replace the event.get call with a plain quoted string, for example:
```
filter {
  ruby {
    code => "
      event.set('[@metadata][application]', 'MyApplicationName')
      event.set('[@metadata][subsystem]', 'MySubsystemName')
      event.set('[@metadata][event]', event.to_json)
      event.set('[@metadata][host]', event.get('host'))
    "
  }
}
```
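The dynamic variant copies whatever `event.get` returns, so an event that lacks `application`, `subsystem` or `host` carries no usable value into the output mapping. The following is an added example, not Coralogix's own code: it runs the same assignments with a fallback for missing or blank fields. `StubEvent`, `DEFAULTS` and `set_coralogix_metadata` are hypothetical names, and the stub only models the `get`/`set`/`to_json` calls used on this page so the logic can be run outside Logstash.

```ruby
require 'json'

# Constructed stand-in for the Logstash event object, just enough to run the
# filter body outside Logstash (assumption: only get/set/to_json are modelled).
class StubEvent
  def initialize(fields)
    @data = fields
    @metadata = {}
  end

  # Returns the metadata key for a '[@metadata][name]' reference, else nil.
  def metadata_key(ref)
    ref[/\A\[@metadata\]\[(.+)\]\z/, 1]
  end

  def get(ref)
    key = metadata_key(ref)
    key ? @metadata[key] : @data[ref]
  end

  def set(ref, value)
    key = metadata_key(ref)
    if key
      @metadata[key] = value
    else
      @data[ref] = value
    end
  end

  # Like the real event, @metadata is not part of the serialized event.
  def to_json(*_args)
    JSON.generate(@data)
  end
end

# Hypothetical fallback names; pick values that stand out when searching logs.
DEFAULTS = { 'application' => 'unknown-application',
             'subsystem'   => 'unknown-subsystem',
             'host'        => 'unknown-host' }.freeze

# Same assignments as the ruby filter above, but a missing or blank field
# falls back to a default instead of being copied into @metadata as nil.
def set_coralogix_metadata(event)
  DEFAULTS.each do |field, fallback|
    value = event.get(field)
    value = fallback if value.nil? || value.to_s.strip.empty?
    event.set("[@metadata][#{field}]", value)
  end
  event.set('[@metadata][event]', event.to_json)
  event
end
```

Inside Logstash, only the body of `set_coralogix_metadata` (with `DEFAULTS` inlined) belongs in the `code => "..."` string; the stub class is not needed there.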
Once the event is ready, we need to configure the output itself to send the logs. Input your private key.
```
output {
  http {
    url => "<your cluster singles url>"
    http_method => "post"
    headers => ["private_key", "<your cluster's private key>"]
    format => "json_batch"
    codec => "json"
    mapping => {
      "applicationName" => "%{[@metadata][application]}"
      "subsystemName" => "%{[@metadata][subsystem]}"
      "computerName" => "%{[@metadata][host]}"
      "text" => "%{[@metadata][event]}"
    }
    http_compression => true
    automatic_retries => 5
    retry_non_idempotent => true
    connect_timeout => 30
    keepalive => false
  }
}
```
Depending on your account's geographic location, you will need to provide the matching URL in the configuration above:
Cluster Name | URL |
---|---|
EU | https://api.coralogix.com/logs/rest/singles |
EU2 | https://api.eu2.coralogix.com/logs/rest/singles |
US | https://api.coralogix.us/logs/rest/singles |
SG | https://api.coralogixsg.com/logs/rest/singles |
IN | https://api.app.coralogix.in/logs/rest/singles |
If you have any questions or need additional guidance, our support team is available 24/7 via our in-app chat!