Logstash
Logstash is a server app that ingests and parses log data. We recommend using it for shipping to Logz.io only when you have an existing Logstash configuration.
For most other cases, we recommend using Filebeat.
These instructions apply to Logstash running on MacOS, Linux and Windows.
Shipping with Logstash over HTTP
Before you begin, you'll need: JDK, Logstash
Add Logz.io to your configuration file
Add these code blocks to the end of your existing Logstash configuration file.
Make sure the mutate block is the last item in the filters block.
Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.
Replace <<LISTENER-HOST>> with the host for your region.
filter {
# ...
# ...
mutate {
add_field => { "token" => "<<LOG-SHIPPING-TOKEN>>" }
}
}
output {
http {
url => "https://<<LISTENER-HOST>>:8071?token=<<LOG-SHIPPING-TOKEN>>&type=<LOG-TYPE>"
http_method => "post"
format => "json"
}
}
Start Logstash
Start or restart Logstash for the changes to take effect.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Open Search Dashboards.
If you still don't see your logs, see log shipping troubleshooting.
Limitations
- Max body size: 10 MB (10,485,760 bytes).
- Max log line size: 500,000 bytes.
- Type field in the log overrides the
typein the request header.
Start Logstash
Start or restart Logstash for the changes to take effect.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Open Search Dashboards.
If you still don't see your logs, see log shipping troubleshooting.