OpenSearch/watcher/docs/administering-watcher/integrating-with-logstash.a...

62 lines
2.6 KiB
Plaintext
Raw Normal View History

[[logstash-integration]]
=== Integrating Watcher with Logstash
By default, Logstash uses the `node` protocol setting to ship data to Elasticsearch. When you use
the node protocol, the Logstash instance joins the Elasticsearch cluster and shares the cluster
state.
Watcher requires the License plugin to be installed on all instances in the cluster, including
the Logstash instance. To use Watcher in combination with the Logstash node protocol, you
must install the License plugin on top of Logstash. To do this, we've created a special
Logstash plugin called `logstash-output-elasticsearch-plugin`. This plugin simply pulls the
License jar file (elasticsearch-license-1.0.0.jar) and adds it to the classpath.
NOTE: If you're using the Logstash `transport` or `http` protocol, you do not need to install the
License plugin. The License plugin is only required if you're using the `node` protocol.
To install the Logstash License plugin:
. Shutdown the Logstash instance(s) that are shipping data to Elasticsearch.
. Run `bin/plugin install` to install the Logstash license plugin:
+
[source,js]
--------------------------------------------------
bin/plugin install logstash-output-elasticsearch-license
--------------------------------------------------
+
. Restart the Logstash instance(s).
==== Using Logstash for Watch Actions
Integrating Watcher with Logstash provides users a powerful pipeline to further transform and enrich watch payloads. Integrating with Logstash also enables you to send watches to the rich collection of outputs supported by Logstash.
For Logstash to receive data from Watcher, you need to enable the `http` input. The `http` input
launches a webserver and listens for incoming requests. The
Logstash `http` input supports basic auth and HTTPS.
Once the Logstash `http` input is enabled, you post data to Logstash with the
<<actions-webhook, `webhook`>> action.
NOTE: The `http` input is built in to Logstash 1.5.2 and above. To use the `http` input with
earlier versions of Logstash, install the `logstash-input-http` plugin by
running `bin/plugin install logstash-input-http`.
To configure Logstash to listen for incoming HTTP requests, add an `http` input definition to
your Logstash coniguration file:
[source,yml]
--------------------------------------------------
input {
http {
host => "mylogstashhost" <1>
port => "8080" <2>
}
}
--------------------------------------------------
<1> The name of your Logstash HTTP host.
<2> The port the HTTP host listens on.
For more information about using a `webhook` action to send data to Logstash, see
<<configuring-webook-actions, Configuring Webhook Actions>>.