Logstash

Logstash provides a lightweight agent for forwarding logs from a variety of different sources. You configure the sources using input plugins and output data using output plugins. For more information on input plugins, see Logstash Input Plugins documentation.

Installation

Observe works with the OSS version of Logstash, which may be downloaded at Logstash Downloads. The Logstash setup and run guides can be found here: Logstash Setup and Run Guide.

Requirements

To use Logstash, you need the following information:

1. Your Observe Customer ID

2. Your Observe ingest token

Configuration

1. Configure an ouput plugin to forward data to Observe:

Add the following output configuration to your logstash.conf file, providing your Observe Customer ID and Ingest Token where indicated.

output {
   elasticsearch {
       hosts => [ "https://collect.observeinc.com:443/v1/elastic" ] 
       user => "<Customer ID>"
       password => "<Ingest Token>"         
       ssl => true
       http_compression => true
   }
}

Retry on failure

Logstash supports retries. See the Logstash documentation for more information.