Migrating from Elastic Stack

If you are an existing user of the Elastic Stack with either Filebeat or Logstash, this is the page for you.

Humio offers a complete replacement for the Elastic Search bulk API, meaning that switching your existing Filebeat or Logstash configurations over to Humio is very easy.

Setting up Humio

First, you will need to have access to a repository in Humio.

The quickest way to get started using Humio is to sign up for Humio Community account in Humio Cloud.

Alternatively, you may choose to run our Docker on your own infrastructure.

Beats

Since you are running Elastic Search, you are likely already familiar with the Beats platform. You will have to reconfigure it to contain this (or equivalent):

logscale

output.elasticsearch:
  hosts: ["elasticsearch:9200"]

To make all beats point to Humio, change the output.elasticsearch section to:

logscale

output.elasticsearch:
  hosts: ["https://<HOST>:443/api/v1/ingest/elastic-bulk"]
  username: <INGEST_TOKEN>

Replace <HOST> with the hostname of your Humio cluster. For Humio Cloud, use cloud.humio.com. Make sure the port is set to 443. Beats' default port is 9200.

Finally, <INGEST_TOKEN> should be replaced with an Ingest Token for the repository. If your repository is empty, a dialog on the search page will contain your default ingest token

Figure 342. Beat

If you cannot find it there, you can always go to the Settings for your repository and create a new Ingest Token from there.

For more information about Beats log shippers, please take a look at Elastic Beats.

Falcon LogScale Documentation

Documentation

Reference Information

Knowledge Base

LogScale Notices

Release Notes

LogScale Training