Logstash

Squadcast - Logstash Integration guide

The following steps help in configuring a service so as to extract its related alert data from Logstash.

Squadcast will then process this information to create incidents for this service as per your preferences.

Using Logstash as an Alert Source

  1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

2. Select Logstash. Copy the displayed Webhook URL to configure it within Logstash. Finish by clicking Add Alert Source -> Done.

Important:

When an alert source turns Active, it’ll show up under Configured Alert Sources, you can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

Create a Squadcast Webhook in Logstash

In your Logstash configuration file (.conf), under output section add the following.

       http {
           format=>"json"
           http_method=>"post"
           url=>"The URL obtained above"
        }

In case you want to filter the logs being sent you can use the standard Logstash output conditional statements. For example:

   if [type]=="FOO"{
     http {
       format=>"json"
       http_method=>"post"
       url=>"The URL obtained above"
        }
    }

Last updated

#426: Past Incidents

Change request updated