Logstash

Squadcast - Logstash Integration guide

The following steps help in configuring a service so as to extract its related alert data from Logstash.

Squadcast will then process this information to create incidents for this service as per your preferences.

Using Logstash as an Alert Source

(1) From the navigation bar on the left, select Services. Pick the applicable Team from the Team-picker on the top. Next, click on Alert Sources for the applicable Service

(2) Search for Logstash from the Alert Source drop-down and copy the Webhook URL

Important

For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

Create a Squadcast Webhook in Logstash

In your Logstash configuration file (.conf), under output section add the following.

       http {
           format=>"json"
           http_method=>"post"
           url=>"The URL obtained above"
        }

In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example:

   if [type]=="FOO"{
     http {
       format=>"json"
       http_method=>"post"
       url=>"The URL obtained above"
        }
    }