# Logstash The following steps help in configuring a service so as to extract its related alert data from Logstash. Squadcast will then process this information to create incidents for this service as per your preferences. ### Using Logstash as an Alert Source 1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click **Add**. ![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4fbd74e7ca0b30173c47a1d58ed6a0804a0465aa%2FAlert_Sources.png?alt=media\&token=aaca6610-9d18-4dd4-9cf5-320042f326f1) 2\. Select **Logstash.** Copy the displayed **Webhook URL** to [configure](#create-a-squadcast-webhook-in-logstash) it within **Logstash**. Finish by clicking **Add Alert Source** -> **Done.** ![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-cece22c846df552e784c345547055e719355c6e4%2FLogstash.png?alt=media\&token=c001d20d-f393-415c-82d3-d490f54972cc) {% hint style="warning" %} **Important:** When an alert source turns Active, it’ll show up under Configured Alert Sources, you can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service. {% endhint %} ### Create a Squadcast Webhook in Logstash In your Logstash configuration file (.conf), under output section add the following. ```json http { format=>"json" http_method=>"post" url=>"The URL obtained above" } ``` In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example: ```json if [type]=="FOO"{ http { format=>"json" http_method=>"post" url=>"The URL obtained above" } } ``` *Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*