If you want to ship logs from your code but don’t have a library in place, you can send them directly to the Logz.io listener.

The listeners accept bulk uploads over an HTTP/HTTPS connection or TLS/SSL streams over TCP.

Bulk uploads over HTTP/HTTPS

The request path and header

For HTTPS shipping (recommended), use this URL configuration:


Otherwise, for HTTP shipping, use this configuration:


Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.

Query parameters

Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.
type http-bulk
The log type you’ll use with this upload. This is shown in your logs under the type field in Kibana.
Logz.io applies parsing based on type.

The request body

Your request’s body is a list of logs, each in JSON Format, seperated by a new line.

For example:

{"message": "Hello there", "counter": 1}
{"message": "Hello again", "counter": 2}

Escape newlines inside a JSON string with \n.

If you include a type field in the log, it overrides type in the request header.


  • The body must be 10 MB (10,485,760 bytes) or less
  • Each log line must be 500,000 bytes or less

Code sample

echo $'{"message":"hello there", "counter": 1}\n{"message":"hello again", "counter": 2}' \
  | curl -X POST "http://listener.logz.io:8070?token=oPwWbJwsFeQSeSoUTVAaZVZYttszAsfg&type=test_http_bulk" -v --data-binary @-

Possible responses

If the response is 200 OK

All logs were received and validated. The response body is empty.

Check Kibana for your logs.

If the response is 400 BAD REQUEST

The input wasn’t valid.

The response body contains this JSON:

  "malformedLines": 2,
  "successfulLines": 10,
  "oversizedLines": 3,
  "emptyLogLines": 4

Response fields

The number of log lines that aren’t valid JSON
The number of valid JSON log lines received
The number of log lines that exceeded the line length limit
The number of empty log lines
If the response is 401 UNAUTHORIZED

The token query string parameter is missing or not valid. Make sure you’re using the right account token.

In the response body, you’ll see either “Logging token is missing” or “Logging token is not valid” as the reason for the response.

If the response is 413 REQUEST ENTITY TOO LARGE

The request body size is larger than 10 MB.

TLS/SSL streams over TCP

JSON log structure

Keep to these practices when shipping JSON logs over TCP:

  • Each log must be a single-line JSON object
  • Each log line must be 500,000 bytes or less
  • Include your account token as a top-level property:
    { ... "token": "<<SHIPPING-TOKEN>>" , ... }
    Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.

Sending the logs

To send JSON logs over TCP, download the Logz.io public certificate to a local folder.

wget https://raw.githubusercontent.com/logzio/public-certificates/master/COMODORSADomainValidationSecureServerCA.crt

Using the certificate you just downloaded, send the logs to TCP port 5052 at your region’s listener host. For more information on finding your account’s region, see Account region.

Code sample: NXLog

To configure NXLog for log shipping, see Ship Windows logs (the NXLog tab).

User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
<Extension json>
    Module      xm_json
<Input in>
    Module  im_file
    File    "/var/log/samples.log"
    Exec    $token="oPwWbJwsFeQSeSoUTVAaZVZYttszAsfg"; $type="samples_log"; $message = $raw_event;
    SavePos TRUE
<Output out>
    Module  om_ssl
    CAFile /etc/nxlog/certs/COMODORSADomainValidationSecureServerCA.crt
    AllowUntrusted FALSE
    Host    listener.logz.io
    Exec    $OutputModule="om_ssl"; to_json();
    Port    5052
<Route 1>
    Path    in => out