Route logs from Logstash - Chronosphere Documentation

You can route log data from Logstash to Chronosphere Observability Platform. To route logs, configure an HTTP output plugin in your Logstash pipeline configuration file that specifies your Observability Platform tenant as a destination.

In your Logstash pipeline configuration file, add an output section that defines the http plugin:

output {
  http {
     http_method=>"post"
     headers => {
         "Content-Type" => "application/json"
         "API-token" => "API_TOKEN"
     }
     url=>"https://TENANT.chronosphere.io/api/v1/data/logs/ingest"
     format=>"json_batch"
  }
}

Optional: The format=>"json_batch" option collects each batch of events received by the output and places them into a single JSON array that’s sent in one request.

After defining the output, contact Chronosphere Support and indicate which field in your data contains log timestamps.