LOGIQ.AI
HomeLogFlowLogiqctlLogiqHub
Search…
Overview
Releases
EULA
End User License Agreement
Deploying LOGIQ
LOGIQ SaaS
LOGIQ Quickstart
LOGIQ PaaS deployment
Deploying LOGIQ PaaS on MicroK8s
Deploying LOGIQ PaaS on AWS
Deploying LOGIQ EKS on AWS using CloudFormation
Deploying LOGIQ EKS on AWS using custom AMI
Deploying Logiq EKS with AWS ALB
Deploying LOGIQ PaaS in Azure Kubernetes Service
INTEGRATIONS
Overview
Incident management
Generating a secure ingest token
AWS
Azure Databricks
Azure Event Hubs
Configuring Prometheus
Docker Syslog log driver
Docker Swarm logging
GCP Cloud Logging
IIS Logs on Windows
Filebeat
Fluent Bit
Fluentd
Logstash
MQTT
Open Telemetry
Rsyslogd
Palo Alto Firewall
Log Insights
Data extraction
Log Data Rewrite
Timestamp handling
LOGIQ Monitoring
Prometheus Data source
Elasticsearch Data source
JSON Data source
Vewing Logs
The LOGIQ UI
Terminology
Logs Page
Search Page
Metrics and Custom Indices
Reports
logiqctl
Role-Based Access Control (RBAC)
Configuring RBAC
ANOMALY DETECTION
Events
Event Rules
Alertable Events
Logs to time series event visualization
Example IIS Log Event Extraction Using Event Rules
COMPLIANCE
Audit Trail
LOGIQ STREAMING
Query API
LOGIQ Configuration
E-Mail Configuration
Single Sign-On with SAML
Log Ingest configuration
Terminology
Minimal server configuration
Server options
Sources
Destinations
Filters
Groupings
Rules
Credentials
Partitions
RUNNING ON AWS
Getting started
AWS IAM Resources
1-Click deployment using CloudFormation
Powered By GitBook
Logstash

Logstash

Syslog output plugin

1
input {
2
​
3
file {
4
path => "/var/log/syslog"
5
type => "syslog"
6
start_position => "beginning"
7
}
8
​
9
filter {
10
uuid {
11
target => "uuid"
12
}
13
}
14
​
15
output {
16
syslog { appname => "my-awesome-app"
17
host => "logiq-server-dns.my-domain.com"
18
protocol => "ssl-tcp"
19
msgid => "%{uuid}"
20
ssl_cert => "client.crt"
21
ssl_key => "client.key"
22
ssl_cacert => "logiq.crt"
23
ssl_verify => true
24
port => "7514"
25
rfc => "rfc5424"
26
id => "%{uuid}"
27
}
28
stdout { codec => rubydebug }
29
}
Copied!
NOTE: Change "host" , "appname", "ssl_cert", "ssl_key", "ssl_cacert" above to suit your configuration

HTTP output plugin

1
output {
2
http {
3
url => "https://logiq-dns-or-ip/v1/json_batch"
4
headers => { "Authorization" => "Bearer <Auth token>" }
5
http_method => "post"
6
format => "json_batch"
7
content_type => "json_batch"
8
pool_max => 300
9
pool_max_per_route => 100
10
socket_timeout => 60
11
}
12
}
Copied!
You can additionally control the data organization by specifying additional fields
1
filter {
2
mutate {
3
add_field => { "cluster_id" => "demo-http-test" }
4
add_field => { "namespace" => "namespace_name" }
5
add_field => { "app_name" => "application_name" }
6
add_field => { "proc_id" => "process_or_pod_identifier" }
7
}
8
}
Copied!
You can generate the Bearer token using logiqctl​
1
$logiqctl get httpingestkey
Copied!
INTEGRATIONS - Previous
Fluentd
Next - INTEGRATIONS
MQTT
Last modified 7mo ago
Export as PDF
Copy link
Contents
Logstash
Syslog output plugin
HTTP output plugin