Stream logs to elastic search from Fastly

soerenfrisk · April 10, 2019, 12:24pm

I'm trying to find a way to stream logs from fastly.com to an elastic cloud service. According to Fastly's docs you are only able to do this through Logstash (which is not included in the cloud service). It seems impractical to have and manage a logstash instance for receiving logs from one source.

Anyone have tried to successfully stream logs from Fastly to Elastic search directly?

It seems the only way to stream logs to elastic is through beats.

weltenwort · April 11, 2019, 8:45am

Hi @soerenfrisk,

After looking through the list of supported log services in the docs you linked, two paths might be viable:

Use logstash or filebeat to forward the syslog stream to Elasticsearch's HTTP API.
Try to (ab)use one of the HTTP-based service integrations to submit JSON docs to an ingest pipeline on your Elasticserach cluster. If I were to attempt that, I would start with the sumologic integration, because it looks quite generic and configurable. I would point it at a small HTTP server which I control to inspect the format and derive a pipeline from that.

soerenfrisk · April 11, 2019, 10:49am

Hi!

Thanks for helping.

How would i go about forwarding the syslog through filebeat? Is there any docs on this? I've only used filebeat as something installed on a server.

weltenwort · April 12, 2019, 1:38pm

Like logstash, filebeat would have to be set up on some server. Then it can consume syslog packets via its syslog input.

system · May 10, 2019, 1:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.