Logstash

Logstash is a lightweight agent for forwarding logs from a variety of sources. Its sources are configured via input plugins, and the destinations it forwards data to are configured via output plugins. For more information on input plugins, see the Logstash Input Plugins documentation.

Installation

Observe works with the OSS version of Logstash, which may be downloaded at Logstash Downloads. The Logstash setup and run guides can be found here: Logstash Setup and Run Guide.

Important

Logstash versions 7.13+ can no longer forward to Elasticsearch-compatible 3rd party APIs. To use Logstash with Observe, please ensure you are using an Apache2 licensed Logstash version 7.12 or earlier.

Requirements

To use Logstash you will need the following information:

  1. Your Observe Customer ID

  2. Your Observe ingest token

Configuration

  1. Configure an output plugin to forward data to Observe:

    Add the following output configuration to your logstash.conf file, providing your Observe Customer ID and Ingest Token where indicated.

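    output {
        elasticsearch {
            # Observe's Elasticsearch-compatible collection endpoint
            hosts => [ "https://collect.observeinc.com:443/v1/elastic" ]
            # Observe Customer ID and ingest token
            user => "<Customer ID>"
            password => "<Ingest Token>"
            # Send over TLS
            ssl => true
        }
    }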
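The output block above puts the ingest token in logstash.conf as plain text. Logstash can instead resolve `${KEY}` references from its keystore or from environment variables, and the following added example (not part of the Observe documentation) lints a pipeline file for credentials that are still written as literals. The key names OBSERVE_CUSTOMER_ID and OBSERVE_TOKEN and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. OBSERVE_CUSTOMER_ID and OBSERVE_TOKEN are assumed key names;
# Logstash resolves ${KEY} from its keystore first, then from the environment.

# Constructed sample: credentials written as literals, as in the template.
write_literal_conf() {
    cat > "$1" <<'EOF'
output {
    elasticsearch {
        hosts => [ "https://collect.observeinc.com:443/v1/elastic" ]
        user => "<Customer ID>"
        password => "<Ingest Token>"
        ssl => true
    }
}
EOF
}

# Constructed sample: same output, credentials supplied by reference.
write_reference_conf() {
    cat > "$1" <<'EOF'
output {
    elasticsearch {
        hosts => [ "https://collect.observeinc.com:443/v1/elastic" ]
        user => "${OBSERVE_CUSTOMER_ID}"
        password => "${OBSERVE_TOKEN}"
        ssl => true
    }
}
EOF
}

# Print each user/password line whose quoted value is not a bare ${KEY}
# reference. Returns 1 if any literal credential is found, 0 otherwise.
find_literal_credentials() {
    if grep -nE '^[[:space:]]*(user|password)[[:space:]]*=>[[:space:]]*"' "$1" |
        grep -vE '=>[[:space:]]*"\$\{[A-Za-z_][A-Za-z0-9_.]*\}"[[:space:]]*$'; then
        return 1
    fi
    return 0
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
write_literal_conf "$tmpdir/literal.conf"
write_reference_conf "$tmpdir/reference.conf"
for f in "$tmpdir/literal.conf" "$tmpdir/reference.conf"; do
    if find_literal_credentials "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
```

A reference with an inline default, such as `${OBSERVE_TOKEN:fallback}`, is reported as a literal because the fallback value would still sit in the file.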
    

FAQ

Retry on failure

Logstash supports retries. See the Logstash documentation for more information.