If you’re developing your own application and want to send its logs to Humio, this article may be helpful. For the examples here, we’ll use Filebeat to send application logs from your application’s log file.
Refer to Elastic’s Filebeat documentation for setting up Filebeat on your system.
Do not use the Elastic non-OSS version of Filebeats. It will not work with Humio. For Filebeat OSS 7.x+, you need to be running Humio 1.5.8 or higher.
If you are using Docker to run your application, start by looking at the Docker Container documentation.
Filebeat sends logs as unstructured text. To parse these logs once they arrive at Humio, you need to assign a parser. You do this by configuring Filebeat to add an additional field called
@type. You set
@type to the name of one of Humio’s built-in parsers or one of your own parsers.
Example Filebeat configuration with a custom log type:
filebeat.inputs: - paths: - $PATH_TO_YOUR_APPLICATION_LOG fields: "@type": $PARSER_NAME output.elasticsearch: hosts: ["https://$YOUR_HUMIO_URL/api/v1/ingest/elastic-bulk"] username: $INGEST_TOKEN
$YOUR_HUMIO_URL— address/hostname of your Humio server
$INGEST_TOKEN— ingest token for your repository, for example, a string such as
$PATH_TO_YOUR_APPLICATION_LOG— the file path to the log file you want to send.
$PARSER_NAME— the name of either one of the built-in parsers such as
kv(Key-Value) or a custom parser.
See the detailed documentation for Filebeat for more information.
Remember to set a limit on the size of the log file, and rotate it so that you don’t run out of disk space.