HTTP
- Bulk uploads over HTTP/HTTPS
- Bulk uploads over TCP
To ship logs directly to the Logz.io listener, send them as minified JSON files over an HTTP/HTTPS connection.
Request path and header
For HTTPS (recommended):
https://<<LISTENER-HOST>>:8071?token=<<LOG-SHIPPING-TOKEN>>&type=<<MY-TYPE>>
For HTTP:
http://<<LISTENER-HOST>>:8070?token=<<LOG-SHIPPING-TOKEN>>&type=<<MY-TYPE>>
Replace the placeholders to match your specifics. (They are indicated by the double angle brackets << >>):
Replace
<<LOG-SHIPPING-TOKEN>>with the token of the account you want to ship to.Replace
<<LISTENER-HOST>>with the host for your region.Declare your log type for parsing purposes. Logz.io applies default parsing pipelines to the following list of built-in log types. If you declare another type, contact support for assistance with custom parsing. Can't contain spaces. Otherwise, the default
typeishttp-bulk.
Request body
The request body is a list of logs in minified JSON format, with each log separated by a newline (\n).
Example:
{"message": "Hello there", "counter": 1}
{"message": "Hello again", "counter": 2}
Limitations
- Max body size: 10 MB (10,485,760 bytes).
- Max log line size: 500,000 bytes.
- Type field in the log overrides the
typein the request header.
For example:
echo $'{"message":"hello there", "counter": 1}\n{"message":"hello again", "counter": 2}' \
| curl -X POST "http://<<LISTENER-HOST>>:8070?token=<<LOG-SHIPPING-TOKEN>>&type=test_http_bulk" \
-H "user-agent:logzio-json-logs" \
-v --data-binary @-
Possible responses
200 OK
All logs received and validated. Allow some time for data ingestion, then open Logz.io Log Management account.
The response body is empty.
400 BAD REQUEST
Invalid input. Response example:
{
"malformedLines": 2, #The number of log lines that aren't valid JSON
"successfulLines": 10, #The number of valid JSON log lines received
"oversizedLines": 3, #The number of log lines that exceeded the line length limit
"emptyLogLines": 4 #The number of empty log lines
}
401 UNAUTHORIZED
Missing or invalid token query string parameter. Ensure you're using the correct account token.
Response: "Logging token is missing" or "Logging token is not valid".
413 REQUEST ENTITY TOO LARGE
Request body size exceeds 10 MB.
To ship logs directly to the Logz.io listener, send them as minified JSON files over an HTTP/HTTPS connection.
JSON log structure
Follow these practices when shipping JSON logs over TCP:
- Each log must be a single-line JSON object.
- Each log line must be 500,000 bytes or less.
- Each log line must be followed by a
\n(even the last log). - Include your account token as a top-level property:
{ ... "token": "<<LOG-SHIPPING-TOKEN>>" , ... }.
Send TLS/SSL streams over TCP
Download the Logz.io public certificate
For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.
sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Send the logs
Using the downloaded certificate, send logs to TCP port 5052 on your region's listener host. For details on finding your account's region, refer to the Account region section.
Check Logz.io for your logs
Allow some time for data ingestion, then open Open Search Dashboards.
Encounter an issue? See our log shipping troubleshooting guide.