Logstash
Squadcast - Logstash Integration guide
The following steps help in configuring a service so as to extract its related alert data from Logstash.
Squadcast will then process this information to create incidents for this service as per your preferences.
- 1.Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
2. Select Logstash. Copy the displayed Webhook URL to configure it within Logstash. Finish by clicking Add Alert Source -> Done.
Important:
When an alert source turns Active, it’ll show up under Configured Alert Sources, you can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.
In your Logstash configuration file (.conf), under output section add the following.
http {
format=>"json"
http_method=>"post"
url=>"The URL obtained above"
}
In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example:
if [type]=="FOO"{
http {
format=>"json"
http_method=>"post"
url=>"The URL obtained above"
}
}
Last modified 1yr ago