Logstash

Squadcast - Logstash Integration guide

The following steps help in configuring a service so as to extract its related alert data from Logstash.

Squadcast will then process this information to create incidents for this service as per your preferences.

Using Logstash as an Alert Source

On the Sidebar, click on Services.

You can either choose to use existing service or create a new service

Now, click on the corresponding Alert Sources button.

Select Logstash from Alert Source drop down and copy the Webhook URL shown.

Important

For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

Create a Squadcast Webhook in Logstash

In your Logstash configuration file (.conf), under output section add the following.

       http {
           format=>"json"
           http_method=>"post"
           url=>"The URL obtained above"
        }

In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example:

   if [type]=="FOO"{
     http {
       format=>"json"
       http_method=>"post"
       url=>"The URL obtained above"
        }
    }