What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The Custom Logs package is used for ingesting arbitrary log files and manipulating their content/lines by using Ingest Pipelines configuration.

In order to use the package, please follow these steps:

  1. Setup / Install Elastic Agent at the machine where the logs should be collected from
  2. Identify the log location at that machine e.g. /tmp/custom.log. Note that /var/log/*.log is fully ingested by the System, no need to add this path if the System integration is already used
  3. Enroll Custom Logs integration and add it to the installed agent. Give the dataset a name that fits to the log purpose, e.g. python for logs from a Python app. Make sure to configure the path from the step 2
  4. Check that the raw log data is coming in via Discover by filtering the logs-* indices to the dataset name given in step 3, e.g. logs-python
  5. Configure the parsing rules via Ingest Pipelines, e.g. JSON Parsing or grok parsing
  6. Create a custom dashboard that analyzes the incoming log data for your needs

Changelog

VersionDetails
1.1.1
Enhancement View pull request
Improve documentation
1.1.0
Enhancement View pull request
Add custom logs and processors
1.0.0
Enhancement View pull request
Release Custom Logs as GA
0.5.1
Enhancement View pull request
Uniform with guidelines
0.5.0
Enhancement View pull request
Update integration description
0.4.6
Enhancement View pull request
Updating package owner
0.1.0
Enhancement View pull request
initial release