Coralogix provides seamless integration with Logstash so you can send your logs from anywhere and parse them according to your needs.

Table of contents

  1. Prerequisites
  2. Usage
  3. Installation
  4. Configuration


Have Logstash installed, for more information on how to install:


Private Key – A unique ID that represents your company, this Id will be sent to your mail once you register to Coralogix.

Application Name – Used to separate your environment, e.g. SuperApp-test/SuperApp-prod.

SubSystem Name – Your application probably has multiple subsystems, for example, Backend servers, Middleware, Frontend servers, etc. in order to help you examine the data you need, inserting the subsystem parameter is vital.


logstash-plugin install logstash-output-coralogix

If you are not sure where Logstash-plugin is located, you can check here:



Open your Logstash configuration file and add Coralogix output. (You should configure input plugin depending on your needs, for more information regarding input plugins please refer to

output {
    coralogix {
        config_params => {
            "APP_NAME" => "APP_NAME"
            "SUB_SYSTEM" => "SUB_NAME"
        log_key_name => "message"
        timestamp_key_name => "@timestamp"
        is_json => true

The first key (config_params) is mandatory while the other two are optional.

Application and Subsystem names

In case your input stream is a JSON object, you can extract APP_NAME and/or SUB_SYSTEM from the JSON using the $ sign. For instance, if we set our application name to be ‘$message.system’ then the system will extract “nginx” for the below message and place it under application name.

    "@timestamp": "2017 - 04 - 03 T18: 44: 28.591 Z",
    "@version": "1",
    "host": "test-host",
    "message": {
        "system": "nginx",
        "status": "OK",
        "msg": "Hello from Logstash"

Record content

In case your input stream is a JSON object and you don’t want to send the entire JSON, rather just a portion of it, you can write the value of the key you want to send in the log_key_name. By default, Logstash will send the whole record content.

For instance, in the above example, if you write log_key_name message then only the value of message key will be sent to Coralogix.

If you do want to send the entire message then you can just delete this key.


Coralogix automatically generates the timestamp based on the log arrival time.  If you rather use your own timestamp, use the “timestamp_key_name” to specify your timestamp field, and it will be read from your log.

Note: we accept only logs that are not older than 24 hours.

JSON support

In case your raw log message is a JSON object you should set is_json key to a “true” value, otherwise, you can ignore it.

Proxy support

This plugin supports sending data via proxy. Here is an example of the configuration:

output {
    coralogix {
        # Proxy settings
        proxy => {
            host => "PROXY_ADDRESS"
            port => PROXY_PORT
            user => "PROXY_USER" # Optional
            password => "PROXY_PASSWORD" # Optional

Start solving your production issues faster

Let's talk about how Coralogix can help you

Managed, scaled, and compliant monitoring, built for CI/CD

Get a demo

No credit card required

© 2021 Copyright Coralogix. All rights reserved.

Get a personalized demo

Jump on a call with one of our experts and get a live personalized demonstration