Coralogix provides a seamless integration with Logstash so you can send your logs from anywhere and parse them according to your needs.
Table of contents
Have Logstash installed, for more information on how to install: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
Private Key – A unique ID which represents your company, this Id will be sent to your mail once you register to Coralogix..
Application Name – Used to separate your environment, e.g. SuperApp-test/SuperApp-prod.
SubSystem Name – Your application probably has multiple subsystems, for example: Backend servers, Middleware, Frontend servers etc. in order to help you examine the data you need, inserting the subsystem parameter is vital.
logstash-plugin install logstash-output-coralogix_logger
If you are not sure where logstash-plugin is located, you can check here:
Open your Logstash configuration file and add Coralogix output. (You should configure input plugin depending on your needs, for more information regarding input plugins please refer to: https://www.elastic.co/guide/en/logstash/current/input-plugins.html)
The first key (config_params) is mandatory while the other two are optional. In case your input stream is a JSON object, you can extract APP_NAME and/or SUB_SYSTEM from the JSON using the $ sign. For instance, if we set our application name to be ‘$message.system’ then the system will extract “nginx” for the below message and place it under application name.
Timestamp: Coralogix automatically generates the timestamp based on the log arrival time. If you rather use your own timestamp, use the “timestamp_key_name” to specify your timestamp field, and it will be read from your log.
In case your input stream is a JSON object and you don’t want to send the entire JSON, rather just a portion of it, you can write the value of the key you want to send in the log_key_name. By default, logstash will put your raw log message in the “message” key.
For instance, in the above example, if you write log_key_name message then only the value of message key will be sent to Coralogix. If you do want to send the entire message then you can just delete this key.
In case your raw log message is a JSON object you should set is_json key to a “true” value, otherwise you can ignore it.