This step-by-step guide helps you collect, and parse logs from your logstash processing pipeline into Axiom
input
sources, filter data for the specified configuration, and eventually store it.
Logstash sits between your data and where you want to keep it.
logstash.conf
file, define the source, set the rules to format your data, and set Axiom as the destination where the data is sent.
The Logstash configuration works with OpenSearch, so you can use the OpenSearch syntax to define the source and destination.
The Logstash Pipeline has three stages:
logstash.conf
, configure your Logstash pipeline to collect and send data logs to Axiom.
The example below shows Logstash configuration that sends data to Axiom:
AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.COMBINEDAPACHELOG
.
AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.hostname
to host
, converts the response
field value to an integer, changes the method
field to uppercase, and removes the request
and httpversion
fields.
AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.syslog
with severity debug
.
AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.cloned_event
that is a clone of the original event.
AXIOM_DOMAIN
with api.axiom.co
if your organization uses the US region, and with api.eu.axiom.co
if your organization uses the EU region. For more information, see Regions.Replace API_TOKEN
with the Axiom API token you have generated. For added security, store the API token in an environment variable.Replace DATASET_NAME
with the name of the Axiom dataset where you want to send data.ip
field. Note that you may need to specify the path to the GeoIP database file in the plugin configuration, depending on your setup.