How to use your API Key in Logstash
Sending data to Logstash is quick and simple to set up. If you have not already done so, please check out our Logstash data source guide before learning how to properly use the API key.
Once you have set up and configured your data source, you can configure a custom API key in Logstash to ensure authorisation to send messages.
Adding the API key to every message
Sending the API key with each message is the most common and preferred way of authorising requests. This API key can be anything you like (such as a GUID or a special string value of your choice).
You will also need to create a Logstash filter to drop all incoming messages that are missing the API key. The following code snippet can do this, as well as check that the API key is of a GUID format:
if [logstashApiKey] != "GUID"
{
drop {}
}
Example using Filebeat
To add the API key to messages being sent from Filebeat to Logstash, add it as
a field inside the YAML config file (/etc/filebeat/filebeat.yml
):
####################### Logit.io Filebeat Configuration ########################
# ============================== Filebeat inputs ==============================
filebeat.inputs:
- type: filestream
enabled: true
paths:
- var/log/nginx/access.log
fields:
type: nginx-access
logstashApiKey: <your-api-key>
fields_under_root: true
encoding: utf-8
exclude_files: [".gz"]
# ================================== Outputs ===================================
# ------------------------------ Logstash Output -------------------------------
output.logstash:
hosts: ["@logstash.host:@logstash.sslPort"]
loadbalance: true
ssl.enabled: true