Logstash

Logstash provides a lightweight agent for forwarding logs from various sources. You configure the sources using input plugins and output data using output plugins. For more information on input plugins, see Logstash Input Plugins documentation.

Installation

Observe works with the OSS version of Logstash, which may be downloaded at Logstash Downloads. The Logstash setup and run guides can be found here: Logstash Setup and Run Guide.

Requirements

To use Logstash, you need the following information:

1. Your Observe Customer ID

2. Your Observe ingest token

Configuration

1. Configure an output plugin to forward data to Observe by adding the following output configuration to your logstash.conf file and providing your Observe Customer ID and Ingest Token where indicated.

   output {
      elasticsearch {
          hosts => [ "https://${OBSERVE_CUSTOMER}.collect.observeinc.com:443/v1/elastic" ] 
          headers => [ "Authorization": "Bearer ${OBSERVE_TOKEN}" ] 
          ssl => true
          http_compression => true
      }
   }
   

Retry on failure

Logstash supports retries. See the Logstash documentation for more information.