By default, Logstash uses the
node protocol setting to ship data to Elasticsearch. When you use
the node protocol, the Logstash instance joins the Elasticsearch cluster and shares the cluster
Watcher requires the License plugin to be installed on all instances in the cluster, including
the Logstash instance. To use Watcher in combination with the Logstash node protocol, you
must install the License plugin on top of Logstash. To do this, we’ve created a special
Logstash plugin called
logstash-output-elasticsearch-plugin. This plugin simply pulls the
License jar file (elasticsearch-license-1.0.0.jar) and adds it to the classpath.
If you’re using the Logstash
http protocol, you do not need to install the
License plugin. The License plugin is only required if you’re using the
To install the Logstash License plugin:
- Shutdown the Logstash instance(s) that are shipping data to Elasticsearch.
bin/plugin installto install the Logstash license plugin:
bin/plugin install logstash-output-elasticsearch-license
- Restart the Logstash instance(s).
Integrating Watcher with Logstash provides users a powerful pipeline to further transform and enrich watch payloads. Integrating with Logstash also enables you to send watches to the rich collection of outputs supported by Logstash.
For Logstash to receive data from Watcher, you need to enable the
http input. The
launches a webserver and listens for incoming requests. The
http input supports basic auth and HTTPS.
Once the Logstash
http input is enabled, you post data to Logstash with the
http input is built in to Logstash 1.5.2 and above. To use the
http input with
earlier versions of Logstash, install the
logstash-input-http plugin by
bin/plugin install logstash-input-http.
To configure Logstash to listen for incoming HTTP requests, add an
http input definition to
your Logstash coniguration file:
For more information about using a
webhook action to send data to Logstash, see
Configuring Webhook Actions.