Route logs from Logstash

This feature is available only to specific Chronosphere Observability Platform users, and has not been announced or officially released. Do not share or discuss this feature, or information about it, with anyone outside of your organization.

You can route log data from Logstash to Chronosphere Observability Platform. To route logs, configure an HTTP output plugin in your Logstash pipeline configuration file that specifies your Observability Platform tenant as a destination.

  1. In your Logstash pipeline configuration file, add an output section that defines the http plugin:

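    output {
      http {
        http_method => "post"
        headers => {
          "Content-Type" => "application/json"
          # API token generated from your service account
          "API-token" => "API_TOKEN"
        }
        # TENANT is your organization name
        url => "https://TENANT.chronosphere.io/api/unstable/data/logs/structured"
        # Send each batch of events as a single JSON array
        format => "json_batch"
      }
    }
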
    • Replace API_TOKEN with the API token generated from your service account. Chronosphere recommends storing your API token in a separate file or Kubernetes Secret and calling it using an environment variable, such as $API_TOKEN.
    • Replace TENANT with your organization name, prefixed to your Observability Platform instance. For example, MY_ORGANIZATION.chronosphere.io.
    • Optional: The format => "json_batch" option collects each batch of events received by the output and places them into a single JSON array that's sent in one request.
  2. After defining the output, contact Chronosphere Support and indicate which field in your data contains log timestamps.
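
An added example, not part of Chronosphere's documentation: a small Python check for a pipeline file that flags an `API-token` header written as a literal instead of a `${API_TOKEN}` reference (the syntax Logstash uses to resolve environment variables and keystore entries), and flags typographic quotes that Logstash cannot parse. The function name `lint_pipeline` and both sample configurations are constructed for illustration.

```python
import re

# The API-token entry inside the http output's headers hash.
TOKEN_HEADER = re.compile(r"""["']API-token["']\s*=>\s*(?P<value>\S.*)$""", re.IGNORECASE)
# Only a bare ${NAME} reference passes. ${NAME:default} is rejected on purpose,
# because a default value would put a secret back into the file.
VAR_REFERENCE = re.compile(r"""^["']\$\{[A-Za-z_][A-Za-z0-9_]*\}["']$""")
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"

# Constructed sample: literal token on line 6, curly closing quote (\u201d) on line 9.
HARDCODED = '''\
output {
  http {
    http_method => "post"
    headers => {
      "Content-Type" => "application/json"
      "API-token" => "constructed-sample-token-0000"
    }
    url => "https://TENANT.chronosphere.io/api/unstable/data/logs/structured"
    format => "json_batch\u201d
  }
}
'''
# Constructed sample: same pipeline with the token referenced and the quote fixed.
HARDENED = (HARDCODED.replace('"constructed-sample-token-0000"', '"${API_TOKEN}"')
            .replace("\u201d", '"'))


def lint_pipeline(text):
    """Return (line_number, message) findings for a Logstash pipeline config."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # skip comment lines
            continue
        if any(ch in stripped for ch in TYPOGRAPHIC_QUOTES):
            findings.append((number, "typographic quote; use straight quotes"))
        match = TOKEN_HEADER.search(stripped)
        if match and not VAR_REFERENCE.match(match.group("value")):
            findings.append((number, "API-token is a literal; use a ${VAR} reference"))
    return findings


if __name__ == "__main__":
    for number, message in lint_pipeline(HARDCODED):
        print(f"line {number}: {message}")
```
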