Logstash
Coralogix provides seamless integration with Logstash, so you can send your logs from anywhere and parse them according to your needs.
Prerequisites
- Logstash installed
Best Practices
We recommend using the generic http output plugin with this integration, given its high level of configurability and metric support for monitoring output.
Installation
STEP 1. Share the Ruby code snippet depicting the event structure as it flows through Logstash.
[Optional] Use this opportunity to set dynamic application and subsystem fields.
The example below adopts a JSON structure and has these fields: application, subsystem and host.
filter {
ruby {code => "
event.set('[@metadata][application]', event.get('application'))
event.set('[@metadata][subsystem]', event.get('subsystem'))
event.set('[@metadata][event]', event.to_json)
event.set('[@metadata][host]', event.get('host'))
"}
}
- If you prefer that the fields application, subsystem and host remain static, replace the
event.getwith a plain string, as in the example below.
filter {
ruby {code => "
event.set('[@metadata][application]', MyApplicationName)
event.set('[@metadata][subsystem]', MySubsystemName)
event.set('[@metadata][event]', event.to_json)
event.set('[@metadata][host]', event.get('host'))
"}
}
STEP 2. Once the Event is ready, configure the output itself to send the logs.
Input your Send-Your-Data API key.
Choose the https://ingress./logs/v1/singles endpoint that corresponds to your Coralogix domain using the domain selector at the top of the page.
output {
http {
url => "https://ingress./logs/v1/singles"
http_method => "post"
headers => ["authorization", "Bearer <Coralogix Send-Your-Data API key>"]
format => "json_batch"
codec => "json"
mapping => {
"applicationName" => "%{[@metadata][application]}"
"subsystemName" => "%{[@metadata][subsystem]}"
"computerName" => "%{[@metadata][host]}"
"text" => "%{[@metadata][event]}"
}
http_compression => true
automatic_retries => 5
retry_non_idempotent => true
connect_timeout => 30
keepalive => false
}
}
Additional resources
| Coralogix Endpoints | Coralogix Endpoints |