62 lines
2.6 KiB
Plaintext
62 lines
2.6 KiB
Plaintext
|
[[logstash-integration]]
|
||
|
=== Integrating Watcher with Logstash
|
||
|
|
||
|
By default, Logstash uses the `node` protocol setting to ship data to Elasticsearch. When you use
|
||
|
the node protocol, the Logstash instance joins the Elasticsearch cluster and shares the cluster
|
||
|
state.
|
||
|
|
||
|
Watcher requires the License plugin to be installed on all instances in the cluster, including
|
||
|
the Logstash instance. To use Watcher in combination with the Logstash node protocol, you
|
||
|
must install the License plugin on top of Logstash. To do this, we've created a special
|
||
|
Logstash plugin called `logstash-output-elasticsearch-plugin`. This plugin simply pulls the
|
||
|
License jar file (elasticsearch-license-1.0.0.jar) and adds it to the classpath.
|
||
|
|
||
|
NOTE: If you're using the Logstash `transport` or `http` protocol, you do not need to install the
|
||
|
License plugin. The License plugin is only required if you're using the `node` protocol.
|
||
|
|
||
|
To install the Logstash License plugin:
|
||
|
|
||
|
. Shutdown the Logstash instance(s) that are shipping data to Elasticsearch.
|
||
|
. Run `bin/plugin install` to install the Logstash license plugin:
|
||
|
+
|
||
|
[source,js]
|
||
|
--------------------------------------------------
|
||
|
bin/plugin install logstash-output-elasticsearch-license
|
||
|
--------------------------------------------------
|
||
|
+
|
||
|
. Restart the Logstash instance(s).
|
||
|
|
||
|
==== Using Logstash for Watch Actions
|
||
|
|
||
|
Integrating Watcher with Logstash provides users a powerful pipeline to further transform and enrich watch payloads. Integrating with Logstash also enables you to send watches to the rich collection of outputs supported by Logstash.
|
||
|
|
||
|
For Logstash to receive data from Watcher, you need to enable the `http` input. The `http` input
|
||
|
launches a webserver and listens for incoming requests. The
|
||
|
Logstash `http` input supports basic auth and HTTPS.
|
||
|
|
||
|
Once the Logstash `http` input is enabled, you post data to Logstash with the
|
||
|
<<actions-webhook, `webhook`>> action.
|
||
|
|
||
|
NOTE: The `http` input is built in to Logstash 1.5.2 and above. To use the `http` input with
|
||
|
earlier versions of Logstash, install the `logstash-input-http` plugin by
|
||
|
running `bin/plugin install logstash-input-http`.
|
||
|
|
||
|
To configure Logstash to listen for incoming HTTP requests, add an `http` input definition to
|
||
|
your Logstash coniguration file:
|
||
|
|
||
|
[source,yml]
|
||
|
--------------------------------------------------
|
||
|
input {
|
||
|
http {
|
||
|
host => "mylogstashhost" <1>
|
||
|
port => "8080" <2>
|
||
|
}
|
||
|
}
|
||
|
--------------------------------------------------
|
||
|
<1> The name of your Logstash HTTP host.
|
||
|
<2> The port the HTTP host listens on.
|
||
|
|
||
|
For more information about using a `webhook` action to send data to Logstash, see
|
||
|
<<configuring-webook-actions, Configuring Webhook Actions>>.
|
||
|
|