Custom Logs
Collect custom logs with Elastic Agent.
What is an Elastic integration?
This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.
Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.
See the integrations quick start guides to get started:
The Custom Logs package is used for ingesting arbitrary log files and manipulating their content/lines by using Ingest Pipelines configuration.
In order to use the package, please follow these steps:
- Setup / Install Elastic Agent at the machine where the logs should be collected from
- Identify the log location at that machine e.g.
/tmp/custom.log. Note that/var/log/*.logis fully ingested by the System, no need to add this path if the System integration is already used - Enroll Custom Logs integration and add it to the installed agent. Give the dataset a name that fits to the log purpose, e.g.
pythonfor logs from a Python app. Make sure to configure the path from the step 2 - Check that the raw log data is coming in via Discover by filtering the
logs-*indices to the dataset name given in step 3, e.g.logs-python - Configure the parsing rules via Ingest Pipelines, e.g. JSON Parsing or grok parsing
- Create a custom dashboard that analyzes the incoming log data for your needs
ECS Field Mapping
This integration includes the ECS Dynamic Template, all fields that follows the ECS Schema will get assigned the correct index field mapping and does not need to be added manually.
Changelog
| Version | Details |
|---|---|
2.3.0 | Enhancement View pull request Expose exclude_files option |
2.2.0 | Enhancement View pull request Expose ignore_older option |
2.1.0 | Enhancement View pull request Add mapping for message field |
2.0.0 | Enhancement View pull request Change from type "integration" to "input" |
1.1.2 | Enhancement View pull request Added categories and/or subcategories. |
1.1.1 | Enhancement View pull request Improve documentation |
1.1.0 | Enhancement View pull request Add custom logs and processors |
1.0.0 | Enhancement View pull request Release Custom Logs as GA |
0.5.1 | Enhancement View pull request Uniform with guidelines |
0.5.0 | Enhancement View pull request Update integration description |
0.4.6 | Enhancement View pull request Updating package owner |
0.1.0 | Enhancement View pull request initial release |