Sending data to Logstash is quick and simple to setup. If you have not already done so, please check out our Data Source Wizard for Logstash before learning how to properly use the API key.

Adding security measures to safe-guard Logstash is highly recommended. There are a number of ways to add an authentication step to your request pipeline so that only authorised sources may ship logs to Logstash.

1. Add an API Key to every message

Sending the API key with each message is the most common and preferred way of authorising requests. This API key can be anything you like (such as a GUID or a special string value of your choice). Then you can use a Logstash filter to check if this key is included. If it is not included, you can drop the message as part of the filtering process. This method gives you far greater control over both ends of the authentication process.

For example, you can use Filebeat to send a log message that includes the API key:

filebeat.prospectors:
    type: log
    enabled: true
    paths:
        /var/log/nginx/access.log
    fields:
        type: nginx-access
        logstashApiKey: <your-api-key>
        fields_under_root: true
        encoding: utf-8
        exclude_files: [".gz"]

And use a Logstash filter to drop all messages that do not match the expected API key value:

if [logstashApiKey] != "<your-api-key>" 
{
  drop {}
}

2. Mutual TLS

Currently, this is a support request feature that can be setup by contacting our support team, here.

3. IP White-listing

This is an Enterprise plan exclusive feature and should be considered if the above methods do not satisfy your requirements.

What's next?

  • How to use your Api Key in Logstash

Did this answer your question?