The following steps help in configuring a service so as to extract its related alert data from Logstash. Squadcast will then process this information to create incidents for this service as per your preferences.

On the Sidebar, click on services.

You can either navigate to an existing service or make a new one by clicking on “Add Service”.

Check the service details like name, description, and the associated escalation policy for this service and make sure it is correctly entered.

From the integration types drop down select the integration type as “Logstash”. You will be shown your Logstash HTTP URL.

In your Logstash configuration file (.conf), under output section add the following

http {
       format=>"json"
       http_method=>"post"
       url=>"The URL obtained above"
        }

In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example:

if [type]=="FOO"{
     http {
       format=>"json"
       http_method=>"post"
       url=>"The URL obtained above"
        }
    }
Did this answer your question?