Logstash

Logstash is a lightweight agent for forwarding logs from a variety of different sources. It’s sources are configured via input plugins and where it forwards data configured with output plugins. For more information on input plugins see the Logstash Input Plugins documentation.

Installation

Observe works with the OSS version of Logstash, which may be downloaded at Logstash Downloads. The Logstash setup and run guides can be found here: Logstash Setup and Run Guide.

Requirements

To use Logstash you will need the following information:

1. Your Observe Customer ID

2. Your Observe ingest token

Configuration

1. Configure an ouput plugin to forward data to Observe:

   Add the following output configuration to your logstash.conf file, providing your Observe Customer ID and Ingest Token where indicated.

   output {
      elasticsearch {
          hosts => [ "https://collect.observeinc.com:443/v1/elastic" ] 
          user => "<Customer ID>"
          password => "<Ingest Token>"         
          ssl => true
          http_compression => true
      }
   }
   

FAQ

Retry on failure

Logstash supports retries. See the Logstash documentation for more information.