Skip to content

Deprecation of Coralogix-Hosted Logstash for Legacy Filebeat Ingestion

Published: February 16, 2026

Effective: June 30, 2026

End-of-life notice

To improve platform reliability, simplify maintenance, and accelerate support for modern telemetry pipelines, Coralogix will retire the Coralogix-hosted Logstash service that supports the legacy Filebeat-based ingestion flow.

Action is required to avoid a loss of log ingestion after the effective date.

Why this is happening

Coralogix is investing in OpenTelemetry (OTel) as the recommended long-term ingestion approach. OpenTelemetry is the foundation for Coralogix’s most advanced capabilities and enables you to send logs, metrics, and traces from a single pipeline rather than using separate agents and paths. It unlocks powerful correlation between all entitty types to speed up investigations.

Filebeat supports logs only. The legacy Filebeat flow depends on a Coralogix-maintained Logstash server. This hosted Logstash service requires ongoing operational work and relies on an older Logstash version, which limits upgrades and creates avoidable risk.

What’s affected

After June 30, 2026, the Coralogix-hosted Logstash service will no longer accept data. This impacts:

  • Environments that ship logs using the legacy Filebeat-to-Coralogix hosted Logstash flow.
  • Any automation, onboarding scripts, or deployment templates that assume Coralogix provides a hosted Logstash endpoint.
  • Monitoring, alerting, and investigations that rely on those logs (you may see gaps in dashboards and alerts if ingestion stops).

This change does not prevent you from using Logstash. If you run Logstash in your own infrastructure, you can continue using Logstash as part of your pipeline.

What you need to do

Step 1. Confirm whether you are using Coralogix-hosted Logstash

Review your current deployment and look for configurations where Filebeat (or another shipper) forwards logs to a Coralogix-provided Logstash destination. If you are unsure, your Technical Account Manager or Coralogix Support can help you identify whether your account relies on the hosted service.

Step 2. Choose a migration path

Use one of the following options before June 30, 2026.

OpenTelemetry requires more setup than the legacy flow, but it is the recommended long-term solution.

What you typically do:

  • Deploy an OpenTelemetry Collector (Coralogix distribution or your preferred Collector build)
  • Configure the Collector to receive logs from your environment
  • Configure export to Coralogix using the endpoint for your Coralogix region and your API key
  • Validate that logs are arriving in Coralogix, then cut over traffic to the Collector

Why choose this:

  • Supports Coralogix’s most advanced features
  • One pipeline for logs, metrics, and traces
  • More future-proof than legacy agent-to-Logstash flows

Option B. Run your own Logstash instance (self-managed)

If you want to keep Logstash in your pipeline, you can run it in your own infrastructure. Coralogix supports the integration, but Coralogix will not host or maintain the Logstash server for you.

What you typically do:

  • Provision and operate Logstash in your environment (including version upgrades and scaling)
  • Update Filebeat to ship to your Logstash instance
  • Configure Logstash to forward data to Coralogix using supported ingestion methods and credentials
  • Validate ingestion in Coralogix, then cut over traffic

Step 3. Plan and complete the cutover before the effective date

Complete migration and validation before June 30, 2026 to avoid ingestion interruption. If you operate multiple environments, plan a staged rollout and verify ingestion and parsing behavior per environment.

What happens after June 30, 2026

  • The Coralogix-hosted Logstash service will be permanently shut down.
  • Any workloads still sending logs through the hosted Logstash service will stop ingesting into Coralogix.
  • Dashboards, alerts, and monitoring that rely on those logs may show missing data after the cutoff.

Need help?

Contact Coralogix Support through the in-app chat (24/7) or reach out to your Technical Account Manager.

Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.