Http input plugin

edit
  • Plugin version: v3.0.10
  • Released on: 2018-04-06
  • Changelog

Getting Help

edit

For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.

Description

edit

Using this input you can receive single or multiline events over http(s). Applications can send an HTTP POST request with a body to the endpoint started by this input and Logstash will convert it into an event for subsequent processing. Users can pass plain text, JSON, or any formatted data and use a corresponding codec with this input. For Content-Type application/json the json codec is used, but for all other data formats, plain codec is used.

This input can also be used to receive webhook requests to integrate with other services and applications. By taking advantage of the vast plugin ecosystem available in Logstash you can trigger actionable events right from your application.

Blocking Behavior

edit

The HTTP protocol doesn’t deal well with long running requests. This plugin will either return a 429 (busy) error when Logstash is backlogged, or it will time out the request.

If a 429 error is encountered clients should sleep, backing off exponentially with some random jitter, then retry their request.

This plugin will block if the Logstash queue is blocked and there are available HTTP input threads. This will cause most HTTP clients to time out. Sent events will still be processed in this case. This behavior is not optimal and will be changed in a future release. In the future, this plugin will always return a 429 if the queue is busy, and will not time out in the event of a busy queue.

Security

edit

This plugin supports standard HTTP basic authentication headers to identify the requester. You can pass in a username, password combination while sending data to this input

You can also setup SSL and send data securely over https, with an option of validating the client’s certificate. Currently, the certificate setup is through Java Keystore format

Http Input Configuration Options

edit

This plugin supports the following configuration options plus the Common Options described later.

Setting Input type Required

additional_codecs

hash

No

host

string

No

keystore

a valid filesystem path

No

keystore_password

password

No

password

password

No

port

number

No

response_headers

hash

No

ssl

boolean

No

threads

number

No

user

string

No

verify_mode

string, one of ["none", "peer", "force_peer"]

No

Also see Common Options for a list of options supported by all input plugins.

 

additional_codecs

edit
  • Value type is hash
  • Default value is {"application/json"=>"json"}

Apply specific codecs for specific content types. The default codec will be applied only after this list is checked and no codec for the request’s content-type is found

host

edit
  • Value type is string
  • Default value is "0.0.0.0"

The host or ip to bind

keystore

edit
  • Value type is path
  • There is no default value for this setting.

The JKS keystore to validate the client’s certificates

keystore_password

edit
  • Value type is password
  • There is no default value for this setting.

Set the truststore password

password

edit
  • Value type is password
  • There is no default value for this setting.

Password for basic authorization

port

edit
  • Value type is number
  • Default value is 8080

The TCP port to bind to

response_headers

edit
  • Value type is hash
  • Default value is {"Content-Type"=>"text/plain"}

specify a custom set of response headers

ssl

edit
  • Value type is boolean
  • Default value is false

SSL Configurations

Enable SSL

threads

edit
  • Value type is number
  • Default value is 4

Maximum number of threads to use

user

edit
  • Value type is string
  • There is no default value for this setting.

Username for basic authorization

verify_mode

edit
  • Value can be any of: none, peer, force_peer
  • Default value is "none"

Set the client certificate verification method. Valid methods: none, peer, force_peer

Common Options

edit

The following configuration options are supported by all input plugins:

Setting Input type Required

add_field

hash

No

codec

codec

No

enable_metric

boolean

No

id

string

No

tags

array

No

type

string

No

Details

edit

 

add_field

edit
  • Value type is hash
  • Default value is {}

Add a field to an event

codec

edit
  • Value type is codec
  • Default value is "plain"

The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.

enable_metric

edit
  • Value type is boolean
  • Default value is true

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

  • Value type is string
  • There is no default value for this setting.

Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 http inputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

input {
  http {
    id => "my_plugin_id"
  }
}

tags

edit
  • Value type is array
  • There is no default value for this setting.

Add any number of arbitrary tags to your event.

This can help with processing later.

type

edit
  • Value type is string
  • There is no default value for this setting.

This is the base class for Logstash inputs. Add a type field to all events handled by this input.

Types are used mainly for filter activation.

The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.

If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.