Logstash to SigNoz
If you use logstash to collect logs in your stack with this tutotrial you will be able to send logs from logstash to SigNoz.
At SigNoz we use opentelemetry collector to recieve logs which supports the TCP protocol. So you can forward your logs from your logstash agent to opentelemetry collector
Collect Logs Using Logstash in SigNoz cloud
Add otel collector binary to your VM by following this guide.
Add the reciever to your
config.yaml
receivers:
tcplog/logstash:
max_log_size: 1MiB
listen_address: "0.0.0.0:2255"
attributes: {}
resource: {}
add_attributes: false
operators: []Here we have used port 2255 for listening in TCP protocol, but you can change it to a port you want. You can read more about tcplog reciver here.
Modify your
config.yaml
and add the above receiverservice:
....
logs:
receivers: [otlp, tcplog/logstash]
processors: [batch]
exporters: [otlp]Change the logstash config to forward the logs to otel collector.
output {
tcp {
codec => json_lines # this is required otherwise it will send eveything in a single line
host => "localhost"
port => 2255
}
}Here we are configuring logstash to send logs to otel-collector that we ran in the previous step, which is listening on port 2255. Also we are assuming that you are running the logstash binary on the host. If not, the value of
host
might change depending on your environment.Once you make this changes you can otel binary and logstash, and you will be able to see the logs in SigNoz.
To properly transform your existing log model into opentelemetry log model you can use the different processors provided by opentelemetry link.
Collect Logs Using Logstash in Self-Hosted SigNoz
Add the reciever to your
otel-collector-config.yaml
which is present insidedeploy/docker/clickhouse-setup
receivers:
tcplog/logstash:
max_log_size: 1MiB
listen_address: "0.0.0.0:2255"
attributes: {}
resource: {}
add_attributes: false
operators: []Here we have used port 2255 for listening in TCP protocol, but you can change it to a port you want. You can read more about tcplog reciver here.
Update the pipleline for logs and make the following change in
otel-collector-config.yaml
service:
...
logs:
receivers: [ otlp, tcplog/logstash ]
processors: [ batch ]
exporters: [ clickhouselogsexporter ]Here we are adding our clickhouse exporter and creating a pipeline which will collect logs from
tcplog/logstash
receiver, processing it using batch processor and export it to clickhouse.Expose the port in port for otel-collector in
docker-compose.yaml
file present indeploy/docker/clickhouse-setup
otel-collector:
...
ports:
- "2255:2255"Change the logstash config to forward the logs to otel collector.
output {
tcp {
codec => json_lines # this is required otherwise it will send eveything in a single line
host => "<otel-collector-host>"
port => 2255
}
}In this example we are generating sample logs and then forwarding them to the otel collector which is listening on port 2255.
<otel-collector-host>
has to be replaced by the host where otel-collector is running. For more info check troubleshooting.Once you make this changes you can restart logstash and SignNoz, and you will be able to see the logs in SigNoz.
To properly transform your existing log model into opentelemetry log model you can use the different processors provided by opentelemetry. link