Sending data to Logstash is quick and simple to set up. If you have not already done so, please check out our Data Source Wizard for Logstash before learning how to properly use the API key.
Once you have setup and configured your data source, you can configure a custom API key in Logstash to ensure authorisation to send messages.
Adding the API key to every message
Sending the API key with each message is the most common and preferred way of authorising requests. This API key can be anything you like (such as a GUID or a special string value of your choice).
You will also need to create a Logstash filter to drop all incoming messages that are missing the API key. The following code snippet can do this, as well as check that the the API key is of a GUID format:
if [logstashApiKey] != "GUID"
Example using Filebeat
To add the API key to messages being sent from Filebeat to Logstash, add it as a field inside the yaml config file (
- Learn how to send log files to Logstash