OBSERVABILITY PLATFORM
Ingest
Logs
Logstash

Route logs from Logstash

You can route log data from Logstash to Chronosphere Observability Platform. To route logs, configure an HTTP output plugin (opens in a new tab) in your Logstash pipeline configuration file (opens in a new tab) that specifies your Observability Platform tenant as a destination.

  1. In your Logstash pipeline configuration file, add an output section that defines the http plugin:

    output {
  http {
     http_method=>"post"
     headers => {
         "Content-Type" => "application/json"
         "API-token" => "API_TOKEN"
     }
     url=>"https://TENANT.chronosphere.io/api/unstable/data/logs/structured"
     format=>"json_batch”
  }
}
    • Replace API_TOKEN with the API token generated from your service account. Chronosphere recommends storing your API token in a separate file or Kubernetes Secret and calling it using an environment variable, such as $API_TOKEN.
    • Replace TENANT with your organization name, prefixed to your Observability Platform instance. For example, MY_ORGANIZATION.chronosphere.io.
    • Optional: The format=>"json_batch” option collects each batch of events received by the output and places them into a single JSON array that's sent in one request.

  2. After defining the output, contact Chronosphere Support and indicate which field in your data contains log timestamps.

Google Cloud PlatformOpenTelemetry