Skip to content

Latest commit

 

History

History
 
 

logstash

README.md

Logstash Integration

Overview

Get metrics from Logstash service in real time to:

  • Visualize and monitor Logstash states.
  • Be notified about Logstash events.

Setup

The Logstash check is not included in the Datadog Agent package, so you need to install it.

Installation

For Agent v7.21+ / v6.21+, follow the instructions below to install the Logstash check on your host. See Use Community Integrations to install with the Docker Agent or earlier versions of the Agent.

  1. Run the following command to install the Agent integration:

    datadog-agent integration install -t datadog-logstash==<INTEGRATION_VERSION>

  2. Configure your integration similar to core integrations.

Configuration

  1. Edit the logstash.d/conf.yaml file in the conf.d/ folder at the root of your Agent's configuration directory to start collecting your Logstash metrics and logs. See the sample logstash.d/conf.yaml for all available configuration options.

  2. Restart the Agent

Metric collection

Add this configuration setup to your conf.yaml file to start gathering your Logstash metrics:

init_config:

instances:
  # The URL where Logstash provides its monitoring API.
  # This will be used to fetch various runtime metrics about Logstash.
  #
  - url: http://localhost:9600

Configure it to point to your server and port.

See the sample conf.yaml for all available configuration options.

Finally, restart the Agent to begin sending Logstash metrics to Datadog.

Log collection

Datadog has an output plugin for Logstash that takes care of sending your logs to your Datadog platform.

To install this plugin run the following command:

  • logstash-plugin install logstash-output-datadog_logs

Then configure the datadog_logs plugin with your Datadog API key:

output {
    datadog_logs {
        api_key => "<DATADOG_API_KEY>"
    }
}

By default, the plugin is configured to send logs through HTTPS (port 443) using gzip compression. You can change this behavior by using the following parameters:

  • use_http: Set this to false if you want to use TCP forwarding and update the host and port accordingly (default is true).
  • use_compression: Compression is only available for HTTP. Disable it by setting this to false (default is true).
  • compression_level: Set the compression level from HTTP. The range is from 1 to 9, 9 being the best ratio (default is 6).

Additional parameters can be used to change the endpoint used in order to go through a proxy:

  • host: The proxy endpoint for logs not directly forwarded to Datadog (default value: http-intake.logs.datadoghq.com).
  • port: The proxy port for logs not directly forwarded to Datadog (default value: 80).
  • ssl_port: The port used for logs forwarded with a secure TCP/SSL connection to Datadog (default value: 443).
  • use_ssl: Instructs the Agent to initialize a secure TCP/SSL connection to Datadog (default value: true).
  • no_ssl_validation: Disables SSL hostname validation (default value: false).

Note: Set host and port to your region {{< region-param key="http_endpoint" code="true" >}} {{< region-param key="http_port" code="true" >}}.

output {
   datadog_logs {
       api_key => "<DATADOG_API_KEY>"
       host => "http-intake.logs.datadoghq.eu"
   }
}
Add metadata to your logs

To get the best use out of your logs in Datadog, it is important to have the proper metadata associated with your logs, including hostname and source. By default, the hostname and timestamp should be properly remapped thanks to Datadog's default remapping for reserved attributes. To make sure the service is correctly remapped, add its attribute value to the service remapping list.

Source

Set up a Logstash filter to set the source (Datadog integration name) on your logs.

filter {
  mutate {
    add_field => {
 "ddsource" => "<MY_SOURCE_VALUE>"
       }
    }
 }

This triggers the integration automatic setup in Datadog.

Custom tags

Host tags are automatically set on your logs if there is a matching hostname in your infrastructure list. Use the ddtags attribute to add custom tags to your logs:

filter {
  mutate {
    add_field => {
        "ddtags" => "env:test,<KEY:VALUE>"
       }
    }
 }

Validation

Run the Agent's status subcommand and look for logstash under the Checks section.

Compatibility

The Logstash check is compatible with Logstash 5.x, 6.x and 7.x versions. It also supports the new multi-pipelines metrics introduced in Logstash 6.0. Tested with Logstash versions 5.6.15, 6.3.0 and 7.0.0.

Data Collected

Metrics

See metadata.csv for a list of metrics provided by this check.

Events

The Logstash check does not include any events.

Service Checks

See service_checks.json for a list of service checks provided by this integration.

Troubleshooting

Agent cannot connect

    logstash
    -------
      - instance #0 [ERROR]: "('Connection aborted.', error(111, 'Connection refused'))"
      - Collected 0 metrics, 0 events & 1 service check

Check that the url in conf.yaml is correct.

If you need further help, contact Datadog support.