Logstash

Logstash

Syslog output plugin

1
input {
2
3
file {
4
path => "/var/log/syslog"
5
type => "syslog"
6
start_position => "beginning"
7
}
8
9
filter {
10
uuid {
11
target => "uuid"
12
}
13
}
14
15
output {
16
syslog { appname => "my-awesome-app"
17
host => "logiq-server-dns.my-domain.com"
18
protocol => "ssl-tcp"
19
msgid => "%{uuid}"
20
ssl_cert => "client.crt"
21
ssl_key => "client.key"
22
ssl_cacert => "logiq.crt"
23
ssl_verify => true
24
port => "7514"
25
rfc => "rfc5424"
26
id => "%{uuid}"
27
}
28
stdout { codec => rubydebug }
29
}
Copied!
NOTE: Change "host" , "appname", "ssl_cert", "ssl_key", "ssl_cacert" above to suit your configuration

HTTP output plugin

1
output {
2
http {
3
url => "https://logiq-dns-or-ip/v1/json_batch"
4
headers => { "Authorization" => "Bearer <Auth token>" }
5
http_method => "post"
6
format => "json_batch"
7
content_type => "json_batch"
8
pool_max => 300
9
pool_max_per_route => 100
10
socket_timeout => 60
11
}
12
}
Copied!
You can additionally control the data organization by specifying additional fields
1
filter {
2
mutate {
3
add_field => { "cluster_id" => "demo-http-test" }
4
add_field => { "namespace" => "namespace_name" }
5
add_field => { "app_name" => "application_name" }
6
add_field => { "proc_id" => "process_or_pod_identifier" }
7
}
8
}
Copied!
You can generate the Bearer token using logiqctl
1
$logiqctl get httpingestkey
Copied!
Last modified 1mo ago