Skip to main content
You can route log data from Logstash to Chronosphere Observability Platform. To route logs, configure an HTTP output plugin in your Logstash pipeline configuration file that specifies your Observability Platform tenant as a destination.
  1. In your Logstash pipeline configuration file, add an output section that defines the http plugin: 
    output {
  http {
     http_method=>"post"
     headers => {
         "Content-Type" => "application/json"
         "API-token" => "API_TOKEN"
     }
     url=>"https://TENANT.chronosphere.io/api/v1/data/logs/ingest"
     format=>"json_batch"
  }
}
    • Replace API_TOKEN with the API token generated from your service account. Chronosphere recommends storing your API token in a separate file or Kubernetes Secret and calling it using an environment variable, such as $API_TOKEN.
    • Replace ADDRESS with your company name prefixed to your Observability Platform instance that ends in .chronosphere.io (for example, acme-corp.chronosphere.io).
    • Optional: The format=>"json_batch" option collects each batch of events received by the output and places them into a single JSON array that’s sent in one request.
  2. After defining the output, contact Chronosphere Support and indicate which field in your data contains log timestamps.