- Integration plugins
- aws
- elastic_enterprise_search
- jdbc
- kafka
- v11.5.3
- v11.5.2
- v11.5.1
- v11.5.0
- v11.4.2
- v11.4.1
- v11.4.0
- v11.3.4
- v11.3.3
- v11.3.2
- v11.3.1
- v11.3.0
- v11.2.1
- v11.2.0
- v11.1.0
- v11.0.0
- v10.12.1
- v10.12.0
- v10.11.0
- v10.10.0
- v10.9.0
- v10.8.2
- v10.8.1
- v10.8.0
- v10.7.7
- v10.7.6
- v10.7.5
- v10.7.4
- v10.7.3
- v10.7.2
- v10.7.1
- v10.7.0
- v10.6.0
- v10.5.3
- v10.5.2
- v10.5.1
- v10.5.0
- v10.4.0
- v10.3.0
- v10.2.0
- v10.1.0
- v10.0.1
- v10.0.0
- logstash
- rabbitmq
- snmp
- Input plugins
- azure_event_hubs
- beats
- v7.0.0
- v6.9.1
- v6.9.0
- v6.8.4
- v6.8.3
- v6.8.2
- v6.8.1
- v6.8.0
- v6.7.2
- v6.7.1
- v6.7.0
- v6.6.4
- v6.6.3
- v6.6.2
- v6.6.1
- v6.6.0
- v6.5.0
- v6.4.4
- v6.4.3
- v6.4.1
- v6.4.0
- v6.3.1
- v6.3.0
- v6.2.6
- v6.2.5
- v6.2.4
- v6.2.3
- v6.2.2
- v6.2.1
- v6.2.0
- v6.1.6
- v6.1.5
- v6.1.4
- v6.1.3
- v6.1.2
- v6.1.1
- v6.1.0
- v6.0.14
- v6.0.13
- v6.0.12
- v6.0.11
- v6.0.10
- v6.0.9
- v6.0.8
- v6.0.7
- v6.0.6
- v6.0.5
- v6.0.4
- v6.0.3
- v6.0.2
- v6.0.1
- v6.0.0
- v5.1.11
- v5.1.10
- v5.1.9
- v5.1.8
- v5.1.7
- v5.1.6
- v5.1.5
- v5.1.4
- v5.1.3
- v5.1.0
- v5.0.16
- v5.0.15
- v5.0.14
- v5.0.13
- v5.0.11
- v5.0.10
- v5.0.9
- v5.0.8
- v5.0.6
- v5.0.5
- v5.0.4
- v5.0.3
- v5.0.2
- v5.0.1
- v5.0.0
- v4.0.5
- v4.0.4
- v4.0.3
- v4.0.2
- v4.0.1
- v3.1.32
- v3.1.31
- v3.1.30
- v3.1.29
- v3.1.28
- v3.1.27
- v3.1.26
- v3.1.25
- v3.1.24
- v3.1.23
- v3.1.22
- v3.1.21
- v3.1.20
- v3.1.19
- v3.1.18
- v3.1.17
- cloudwatch
- couchdb_changes
- dead_letter_queue
- drupal_dblog
- elastic_agent
- elastic_serverless_forwarder
- elasticsearch
- v4.20.5
- v4.20.4
- v4.20.3
- v4.20.2
- v4.20.1
- v4.20.0
- v4.19.1
- v4.19.0
- v4.18.0
- v4.17.2
- v4.17.1
- v4.17.0
- v4.16.0
- v4.15.0
- v4.14.0
- v4.13.0
- v4.12.3
- v4.12.2
- v4.12.1
- v4.12.0
- v4.11.0
- v4.10.0
- v4.9.3
- v4.9.2
- v4.9.1
- v4.9.0
- v4.8.1
- v4.8.0
- v4.7.1
- v4.7.0
- v4.6.2
- v4.6.1
- v4.6.0
- v4.5.0
- v4.4.0
- v4.3.3
- v4.3.2
- v4.3.1
- v4.3.0
- v4.2.1
- v4.2.0
- v4.1.1
- v4.1.0
- v4.0.6
- v4.0.5
- v4.0.4
- eventlog
- exec
- file
- ganglia
- gelf
- gemfire
- generator
- github
- google_cloud_storage
- google_pubsub
- graphite
- heartbeat
- heroku
- http
- http_poller
- imap
- irc
- jdbc
- v5.5.1
- v5.5.0
- v5.4.11
- v5.4.10
- v5.4.9
- v5.4.8
- v5.4.7
- v5.4.6
- v5.4.5
- v5.4.4
- v5.4.3
- v5.4.2
- v5.4.1
- v5.4.0
- v5.3.0
- v5.2.6
- v5.2.5
- v5.2.4
- v5.2.3
- v5.2.2
- v5.2.1
- v5.2.0
- v5.1.10
- v5.1.8
- v5.1.7
- v5.1.6
- v5.1.5
- v5.1.4
- v5.1.3
- v5.1.2
- v5.1.1
- v5.1.0
- v5.0.7
- v5.0.6
- v5.0.5
- v5.0.4
- v5.0.3
- v5.0.2
- v5.0.1
- v5.0.0
- v4.3.19
- v4.3.18
- v4.3.17
- v4.3.16
- v4.3.14
- v4.3.13
- v4.3.12
- v4.3.11
- v4.3.9
- v4.3.8
- v4.3.7
- v4.3.6
- v4.3.5
- v4.3.4
- v4.3.3
- v4.3.2
- v4.3.1
- v4.3.0
- v4.2.4
- v4.2.3
- v4.2.2
- v4.2.1
- jms
- jmx
- journald
- kafka
- v11.5.3
- v11.5.2
- v11.5.1
- v11.5.0
- v11.4.2
- v11.4.1
- v11.4.0
- v11.3.4
- v11.3.3
- v11.3.2
- v11.3.1
- v11.3.0
- v11.2.1
- v11.2.0
- v11.1.0
- v11.0.0
- v10.12.1
- v10.12.0
- v10.11.0
- v10.10.0
- v10.9.0
- v10.8.2
- v10.8.1
- v10.8.0
- v10.7.7
- v10.7.6
- v10.7.5
- v10.7.4
- v10.7.3
- v10.7.2
- v10.7.1
- v10.7.0
- v10.6.0
- v10.5.3
- v10.5.2
- v10.5.1
- v10.5.0
- v10.4.0
- v10.3.0
- v10.2.0
- v10.1.0
- v10.0.1
- v10.0.0
- v9.1.0
- v9.0.1
- v9.0.0
- v8.3.1
- v8.3.0
- v8.2.1
- v8.2.0
- v8.1.1
- v8.1.0
- v8.0.6
- v8.0.4
- v8.0.2
- v8.0.0
- v7.0.0
- v6.3.4
- v6.3.3
- v6.3.2
- v6.3.0
- kinesis
- log4j
- logstash
- lumberjack
- meetup
- neo4j
- pipe
- puppet_facter
- rabbitmq
- rackspace
- redis
- relp
- rss
- s3
- salesforce
- snmp
- snmptrap
- sqlite
- sqs
- stdin
- stomp
- syslog
- tcp
- v6.4.4
- v6.4.3
- v6.4.2
- v6.4.1
- v6.4.0
- v6.3.5
- v6.3.4
- v6.3.3
- v6.3.2
- v6.3.1
- v6.3.0
- v6.2.7
- v6.2.6
- v6.2.5
- v6.2.4
- v6.2.3
- v6.2.2
- v6.2.1
- v6.2.0
- v6.1.1
- v6.1.0
- v6.0.10
- v6.0.9
- v6.0.8
- v6.0.7
- v6.0.6
- v6.0.5
- v6.0.4
- v6.0.3
- v6.0.2
- v6.0.1
- v6.0.0
- v5.2.7
- v5.2.6
- v5.2.5
- v5.2.4
- v5.2.3
- v5.2.2
- v5.2.1
- v5.2.0
- v5.1.0
- v5.0.10
- v5.0.9
- v5.0.8
- v5.0.7
- v5.0.5
- v5.0.4
- v5.0.3
- v5.0.2
- v5.0.1
- v5.0.0
- v4.2.4
- v4.2.3
- v4.2.2
- v4.1.2
- udp
- unix
- varnishlog
- websocket
- wmi
- xmpp
- zenoss
- zeromq
- Output plugins
- appsearch
- boundary
- circonus
- cloudwatch
- csv
- datadog
- datadog_metrics
- elastic_app_search
- elastic_workplace_search
- elasticsearch
- v11.22.10
- v11.22.9
- v11.22.8
- v11.22.7
- v11.22.6
- v11.22.5
- v11.22.4
- v11.22.3
- v11.22.2
- v11.22.1
- v11.22.0
- v11.21.0
- v11.20.1
- v11.20.0
- v11.19.0
- v11.18.0
- v11.17.0
- v11.16.0
- v11.15.9
- v11.15.8
- v11.15.7
- v11.15.6
- v11.15.5
- v11.15.4
- v11.15.2
- v11.15.1
- v11.15.0
- v11.14.1
- v11.14.0
- v11.13.1
- v11.13.0
- v11.12.4
- v11.12.3
- v11.12.2
- v11.12.1
- v11.12.0
- v11.11.0
- v11.10.0
- v11.9.3
- v11.9.2
- v11.9.1
- v11.9.0
- v11.8.0
- v11.7.0
- v11.6.0
- v11.5.0
- v11.4.2
- v11.4.1
- v11.4.0
- v11.3.3
- v11.3.2
- v11.3.1
- v11.3.0
- v11.2.3
- v11.2.2
- v11.2.1
- v11.2.0
- v11.1.0
- v11.0.5
- v11.0.4
- v11.0.3
- v11.0.2
- v11.0.1
- v11.0.0
- v10.8.6
- v10.8.4
- v10.8.3
- v10.8.2
- v10.8.1
- v10.8.0
- v10.7.3
- v10.7.0
- v10.6.2
- v10.6.1
- v10.6.0
- v10.5.1
- v10.5.0
- v10.4.2
- v10.4.1
- v10.4.0
- v10.3.3
- v10.3.2
- v10.3.1
- v10.3.0
- v10.2.3
- v10.2.2
- v10.2.1
- v10.2.0
- v10.1.0
- v10.0.2
- v10.0.1
- v9.4.0
- v9.3.2
- v9.3.1
- v9.3.0
- v9.2.4
- v9.2.3
- v9.2.1
- v9.2.0
- v9.1.4
- v9.1.3
- v9.1.2
- v9.1.1
- v9.0.3
- v9.0.2
- v9.0.0
- v8.2.2
- v8.2.0
- v8.1.1
- v8.0.1
- v8.0.0
- v7.4.3
- v7.4.2
- v7.4.1
- v7.4.0
- v7.3.8
- v7.3.7
- v7.3.6
- v7.3.5
- v7.3.4
- v7.3.3
- v7.3.2
- elasticsearch_java
- exec
- file
- ganglia
- gelf
- gemfire
- google_bigquery
- google_cloud_storage
- google_pubsub
- graphite
- graphtastic
- hipchat
- http
- influxdb
- irc
- jira
- jms
- juggernaut
- kafka
- v11.5.3
- v11.5.2
- v11.5.1
- v11.5.0
- v11.4.2
- v11.4.1
- v11.4.0
- v11.3.4
- v11.3.3
- v11.3.2
- v11.3.1
- v11.3.0
- v11.2.1
- v11.2.0
- v11.1.0
- v11.0.0
- v10.12.1
- v10.12.0
- v10.11.0
- v10.10.0
- v10.9.0
- v10.8.2
- v10.8.1
- v10.8.0
- v10.7.7
- v10.7.6
- v10.7.5
- v10.7.4
- v10.7.3
- v10.7.2
- v10.7.1
- v10.7.0
- v10.6.0
- v10.5.3
- v10.5.2
- v10.5.1
- v10.5.0
- v10.4.0
- v10.3.0
- v10.2.0
- v10.1.0
- v10.0.1
- v10.0.0
- v8.1.0
- v8.0.2
- v8.0.1
- v8.0.0
- v7.3.2
- v7.3.1
- v7.3.0
- v7.2.1
- v7.2.0
- v7.1.3
- v7.1.2
- v7.1.1
- v7.1.0
- v7.0.10
- v7.0.8
- v7.0.7
- v7.0.6
- v7.0.4
- v7.0.3
- v7.0.1
- v7.0.0
- v6.2.4
- v6.2.2
- v6.2.1
- v6.2.0
- librato
- loggly
- logstash
- lumberjack
- metriccatcher
- monasca_log_api
- mongodb
- nagios
- nagios_nsca
- neo4j
- null
- opentsdb
- pagerduty
- pipe
- rabbitmq
- rackspace
- redis
- redmine
- riak
- riemann
- s3
- slack
- sns
- solr_http
- sqs
- statsd
- stdout
- stomp
- syslog
- tcp
- timber
- udp
- webhdfs
- websocket
- xmpp
- zabbix
- zeromq
- Filter plugins
- age
- aggregate
- alter
- anonymize
- bytes
- checksum
- cidr
- cipher
- clone
- collate
- csv
- date
- de_dot
- dissect
- dns
- drop
- elapsed
- elastic_integration
- elasticsearch
- emoji
- environment
- extractnumbers
- fingerprint
- geoip
- grok
- hashid
- http
- i18n
- jdbc_static
- v5.5.1
- v5.5.0
- v5.4.11
- v5.4.10
- v5.4.9
- v5.4.8
- v5.4.7
- v5.4.6
- v5.4.5
- v5.4.4
- v5.4.3
- v5.4.2
- v5.4.1
- v5.4.0
- v5.3.0
- v5.2.6
- v5.2.5
- v5.2.4
- v5.2.3
- v5.2.2
- v5.2.1
- v5.2.0
- v5.1.10
- v5.1.8
- v5.1.7
- v5.1.6
- v5.1.5
- v5.1.4
- v5.1.3
- v5.1.2
- v5.1.1
- v5.1.0
- v5.0.7
- v5.0.6
- v5.0.5
- v5.0.4
- v5.0.3
- v5.0.2
- v5.0.1
- v5.0.0
- v1.1.0
- v1.0.7
- v1.0.6
- v1.0.5
- v1.0.4
- v1.0.3
- v1.0.2
- v1.0.1
- v1.0.0
- jdbc_streaming
- v5.5.1
- v5.5.0
- v5.4.11
- v5.4.10
- v5.4.9
- v5.4.8
- v5.4.7
- v5.4.6
- v5.4.5
- v5.4.4
- v5.4.3
- v5.4.2
- v5.4.1
- v5.4.0
- v5.3.0
- v5.2.6
- v5.2.5
- v5.2.4
- v5.2.3
- v5.2.2
- v5.2.1
- v5.2.0
- v5.1.10
- v5.1.8
- v5.1.7
- v5.1.6
- v5.1.5
- v5.1.4
- v5.1.3
- v5.1.2
- v5.1.1
- v5.1.0
- v5.0.7
- v5.0.6
- v5.0.5
- v5.0.4
- v5.0.3
- v5.0.2
- v5.0.1
- v5.0.0
- v1.0.10
- v1.0.9
- v1.0.7
- v1.0.6
- v1.0.5
- v1.0.4
- v1.0.3
- v1.0.2
- v1.0.1
- json
- json_encode
- kv
- math
- memcached
- metaevent
- metricize
- metrics
- multiline
- mutate
- oui
- prune
- punct
- range
- ruby
- sleep
- split
- syslog_pri
- throttle
- tld
- translate
- truncate
- unique
- urldecode
- useragent
- uuid
- xml
- yaml
- zeromq
- Codec plugins
Loggly output plugin v5.0.0
editLoggly output plugin v5.0.0
edit- Plugin version: v5.0.0
- Released on: 2018-05-21
- Changelog
For other versions, see the overview list.
To learn more about Logstash, see the Logstash Reference.
Getting help
editFor questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Description
editGot a loggly account? Use logstash to ship logs to Loggly!
This is most useful so you can use logstash to parse and structure your logs and ship structured, json events to your account at Loggly.
To use this, you’ll need to use a Loggly input with type http and json logging enabled.
Loggly Output Configuration Options
editThis plugin supports the following configuration options plus the Common options described later.
Setting | Input type | Required |
---|---|---|
No |
||
No |
||
No |
||
Yes |
||
Yes |
||
Yes |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
Also see Common options for a list of options supported by all output plugins.
can_retry
edit- Value type is boolean
-
Default value is
true
Can Retry. Setting this value true helps user to send multiple retry attempts if the first request fails
convert_timestamp
edit- Value type is boolean
-
Default value is
true
The plugin renames Logstash’s @timestamp field to timestamp before sending, so that Loggly recognizes it automatically.
This will do nothing if your event doesn’t have a @timestamp field or if your event already has a timestamp field.
Note that the actual Logstash event is not modified by the output. This modification only happens on a copy of the event, prior to sending.
host
edit- Value type is string
-
Default value is
"logs-01.loggly.com"
The hostname to send logs to. This should target the loggly http input server which is usually "logs-01.loggly.com" (Gen2 account). See the Loggly HTTP endpoint documentation.
key
edit- This is a required setting.
- Value type is string
- There is no default value for this setting.
The loggly http customer token to use for sending. You can find yours in "Source Setup", under "Customer Tokens".
You can use %{foo}
field lookups here if you need to pull the api key from
the event. This is mainly aimed at multitenant hosting providers who want
to offer shipping a customer’s logs to that customer’s loggly account.
max_event_size
edit- This is a required setting.
- Value type is bytes
- Default value is 1 Mib
The Loggly API supports event size up to 1 Mib.
You should only need to change this setting if the API limits have changed and you need to override the plugin’s behaviour.
See the Loggly bulk API documentation
max_payload_size
edit- This is a required setting.
- Value type is bytes
- Default value is 5 Mib
The Loggly API supports API call payloads up to 5 Mib.
You should only need to change this setting if the API limits have changed and you need to override the plugin’s behaviour.
See the Loggly bulk API documentation
proto
edit- Value type is string
-
Default value is
"http"
Should the log action be sent over https instead of plain http
retry_count
edit- Value type is number
-
Default value is
5
Retry count. It may be possible that the request may timeout due to slow Internet connection if such condition appears, retry_count helps in retrying request for multiple times It will try to submit request until retry_count and then halt
tag
edit- Value type is string
-
Default value is
"logstash"
Loggly Tags help you to find your logs in the Loggly dashboard easily.
You can search for a tag in Loggly using "tag:logstash"
.
If you need to specify multiple tags here on your events,
specify them as outlined in the tag documentation.
E.g. "tag" => "foo,bar,myApp"
.
You can also use "tag" => "%{somefield}"
to take your tag value from somefield
on your event.
Helpful for leveraging Loggly source groups.
Common options
editThese configuration options are supported by all output plugins:
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output without needing a separate filter in your Logstash pipeline.
enable_metric
edit- Value type is boolean
-
Default value is
true
Disable or enable metric logging for this specific plugin instance. By default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
id
edit- Value type is string
- There is no default value for this setting.
Add a unique ID
to the plugin configuration. If no ID is specified, Logstash will generate one.
It is strongly recommended to set this ID in your configuration. This is particularly useful
when you have two or more plugins of the same type. For example, if you have 2 loggly outputs.
Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
output { loggly { id => "my_plugin_id" } }
On this page