Skip to main content

Logstash to SigNoz

If you use logstash to collect logs in your stack with this tutotrial you will be able to send logs from logstash to SigNoz.

At SigNoz we use opentelemetry collector to recieve logs which supports the TCP protocol. So you can forward your logs from your logstash agent to opentelemetry collector

Collect Logs Using Logstash in SigNoz cloud

  • Add otel collector binary to your VM by following this guide.

  • Add the reciever to your config.yaml 

    receivers:
      tcplog/logstash:
        max_log_size: 1MiB
        listen_address: "0.0.0.0:2255"
        attributes: {}
        resource: {}
        add_attributes: false
        operators: []

    Here we have used port 2255 for listening in TCP protocol, but you can change it to a port you want. You can read more about tcplog reciver here.

  • Modify your config.yaml and add the above receiver

    service:
        ....
        logs:
            receivers: [otlp, tcplog/logstash]
            processors: [batch]
            exporters: [otlp]

  • Change the logstash config to forward the logs to otel collector.

    output {
      tcp {
        codec => json_lines # this is required otherwise it will send eveything in a single line
        host => "localhost"
        port => 2255
      }
    }

    Here we are configuring logstash to send logs to otel-collector that we ran in the previous step, which is listening on port 2255. Also we are assuming that you are running the logstash binary on the host. If not, the value of host might change depending on your environment.

  • Once you make this changes you can otel binary and logstash, and you will be able to see the logs in SigNoz.

  • To properly transform your existing log model into opentelemetry log model you can use the different processors provided by opentelemetry link.

Collect Logs Using Logstash in Self-Hosted SigNoz

  • Add the reciever to your otel-collector-config.yaml which is present inside deploy/docker/clickhouse-setup

    receivers:
      tcplog/logstash:
        max_log_size: 1MiB
        listen_address: "0.0.0.0:2255"
        attributes: {}
        resource: {}
        add_attributes: false
        operators: []

    Here we have used port 2255 for listening in TCP protocol, but you can change it to a port you want. You can read more about tcplog reciver here.

  • Update the pipleline for logs and make the following change in otel-collector-config.yaml

    service:
      ...

      logs:
        receivers: [ otlp, tcplog/logstash ]
        processors: [ batch ]
        exporters: [  clickhouselogsexporter ]

    Here we are adding our clickhouse exporter and creating a pipeline which will collect logs from tcplog/logstash receiver, processing it using batch processor and export it to clickhouse.

  • Expose the port in port for otel-collector in docker-compose.yaml file present in deploy/docker/clickhouse-setup

    otel-collector:
      ...
      ports:
        - "2255:2255"

  • Change the logstash config to forward the logs to otel collector.

    output {
      tcp {
        codec => json_lines # this is required otherwise it will send eveything in a single line
        host => "<otel-collector-host>"
        port => 2255
      }
    }

    In this example we are generating sample logs and then forwarding them to the otel collector which is listening on port 2255. <otel-collector-host> has to be replaced by the host where otel-collector is running. For more info check troubleshooting.

  • Once you make this changes you can restart logstash and SignNoz, and you will be able to see the logs in SigNoz.

  • To properly transform your existing log model into opentelemetry log model you can use the different processors provided by opentelemetry. link