Logstash
Last updated
Last updated
has not an output for Logstash, but we can send records to Logstash by using it and configuring the from Logstash side.
In your fluent-bit
main configuration file append the following Output section:
where:
Host
: is the IP address or hostname of the target Logstash HTTP input server.
Port
: is the TCP port of the target Logstash HTTP input server.
Format
: is the communication format. Logstash added support to , but it seems to be uncompatible with fluent-bit
format. Due to that, we have to use json
format to transmit data from fluent-bit
to `logstash.
In your logstash
pipeline configuration file, append the following Input and Filter sections:
where:
input.http.port
: is the TCP port to bind to.
Previous configuration uses plain HTTP communication, which is insecure and can be intercepted. We can increase security by enabling TLS/SSL and adding basic authentication.
In your fluent-bit
main configuration append the folloging Output section:
where:
HTTP_User
: is the Basic Auth Username.
HTTP_Passwd
: is the Basic Auth Password.
In your logstash
pipeline configuration file, append the following Input and Filter sections:
where:
input.http.user
: is the user for basic authorization.
input.http.password
: is the password for basic authorization.
input.http.ssl*
: corresponds to the TLS / SSL configuration. Current Logstash http input version (v3.2.0
released on 2018-05-10
) only accepts PCK8 certificate format. We can create a valid self-signed certificate via:
By default Fluent Bit sends timestamp information on the date
field, but Logstash expects date information on @timestamp
field. In order to use date
field as a timestamp, we have to identify records providing from Fluent Bit. We can do it by adding metadata to records present on this input by add_field => { "[@metadata][input-http]" => "" }
. Then, we can use the filter plugin to convert date
field to @timestamp
, but only when records provide from this http input (via conditional if [@metadata][input-http] { ··· }
).
On the other hand, Logstash HTTP input plugin adds to each record information about http requester (fluent-bit in our case). As we don't need this information, we can remove it by using the and removing fields headers
& host
(these fields are customisable on logstash input filter by setting request_headers_target_field
and remote_host_target_field
respectively).
tls.*
: corresponds to the configuration. In our case, we gonna enable TLS communication without forcing the certificate validation because we gonna use a self-signed certificate. If you want to validate server certificate, configure it according to documentation.