- Logstash Reference: other versions:
- Logstash Introduction
- Getting Started with Logstash
- How Logstash Works
- Setting Up and Running Logstash
- Logstash Directory Layout
- Logstash Configuration Files
- logstash.yml
- Secrets keystore for secure settings
- Running Logstash from the Command Line
- Running Logstash as a Service on Debian or RPM
- Running Logstash on Docker
- Configuring Logstash for Docker
- Running Logstash on Kubernetes
- Running Logstash on Windows
- Logging
- Shutting Down Logstash
- Upgrading Logstash
- Creating a Logstash pipeline
- Secure your connection
- Advanced Logstash Configurations
- Logstash-to-Logstash communication
- Managing Logstash
- Using Logstash with Elastic Integrations
- Working with Logstash Modules
- Working with Filebeat Modules
- Working with Winlogbeat Modules
- Queues and data resiliency
- Transforming Data
- Deploying and Scaling Logstash
- Managing GeoIP Databases
- Performance tuning
- Monitoring Logstash with Elastic Agent
- Monitoring Logstash (legacy)
- Monitoring Logstash with APIs
- Working with plugins
- Integration plugins
- Input plugins
- azure_event_hubs
- beats
- cloudwatch
- couchdb_changes
- dead_letter_queue
- elastic_agent
- elastic_serverless_forwarder
- elasticsearch
- exec
- file
- ganglia
- gelf
- generator
- github
- google_cloud_storage
- google_pubsub
- graphite
- heartbeat
- http
- http_poller
- imap
- irc
- java_generator
- java_stdin
- jdbc
- jms
- jmx
- kafka
- kinesis
- logstash
- log4j
- lumberjack
- meetup
- pipe
- puppet_facter
- rabbitmq
- redis
- relp
- rss
- s3
- s3-sns-sqs
- salesforce
- snmp
- snmptrap
- sqlite
- sqs
- stdin
- stomp
- syslog
- tcp
- udp
- unix
- varnishlog
- websocket
- wmi
- xmpp
- Output plugins
- boundary
- circonus
- cloudwatch
- csv
- datadog
- datadog_metrics
- dynatrace
- elastic_app_search
- elastic_workplace_search
- elasticsearch
- exec
- file
- ganglia
- gelf
- google_bigquery
- google_cloud_storage
- google_pubsub
- graphite
- graphtastic
- http
- influxdb
- irc
- java_stdout
- juggernaut
- kafka
- librato
- logstash
- loggly
- lumberjack
- metriccatcher
- mongodb
- nagios
- nagios_nsca
- opentsdb
- pagerduty
- pipe
- rabbitmq
- redis
- redmine
- riak
- riemann
- s3
- sink
- sns
- solr_http
- sqs
- statsd
- stdout
- stomp
- syslog
- tcp
- timber
- udp
- webhdfs
- websocket
- xmpp
- zabbix
- Filter plugins
- age
- aggregate
- alter
- bytes
- cidr
- cipher
- clone
- csv
- date
- de_dot
- dissect
- dns
- drop
- elapsed
- elastic_integration
- elasticsearch
- environment
- extractnumbers
- fingerprint
- geoip
- grok
- http
- i18n
- java_uuid
- jdbc_static
- jdbc_streaming
- json
- json_encode
- kv
- memcached
- metricize
- metrics
- mutate
- prune
- range
- ruby
- sleep
- split
- syslog_pri
- threats_classifier
- throttle
- tld
- translate
- truncate
- urldecode
- useragent
- uuid
- wurfl_device_detection
- xml
- Codec plugins
- Tips and best practices
- Troubleshooting
- Contributing to Logstash
- How to write a Logstash input plugin
- How to write a Logstash codec plugin
- How to write a Logstash filter plugin
- How to write a Logstash output plugin
- Logstash Plugins Community Maintainer Guide
- Document your plugin
- Publish your plugin to RubyGems.org
- List your plugin
- Contributing a patch to a Logstash plugin
- Extending Logstash core
- Contributing a Java Plugin
- Breaking changes
- Release Notes
- Logstash 8.17.0 Release Notes
- Logstash 8.16.2 Release Notes
- Logstash 8.16.1 Release Notes
- Logstash 8.16.0 Release Notes
- Logstash 8.15.5 Release Notes
- Logstash 8.15.4 Release Notes
- Logstash 8.15.3 Release Notes
- Logstash 8.15.2 Release Notes
- Logstash 8.15.1 Release Notes
- Logstash 8.15.0 Release Notes
- Logstash 8.14.3 Release Notes
- Logstash 8.14.2 Release Notes
- Logstash 8.14.1 Release Notes
- Logstash 8.14.0 Release Notes
- Logstash 8.13.4 Release Notes
- Logstash 8.13.3 Release Notes
- Logstash 8.13.2 Release Notes
- Logstash 8.13.1 Release Notes
- Logstash 8.13.0 Release Notes
- Logstash 8.12.2 Release Notes
- Logstash 8.12.1 Release Notes
- Logstash 8.12.0 Release Notes
- Logstash 8.11.4 Release Notes
- Logstash 8.11.3 Release Notes
- Logstash 8.11.2 Release Notes
- Logstash 8.11.1 Release Notes
- Logstash 8.11.0 Release Notes
- Logstash 8.10.4 Release Notes
- Logstash 8.10.3 Release Notes
- Logstash 8.10.2 Release Notes
- Logstash 8.10.1 Release Notes
- Logstash 8.10.0 Release Notes
- Logstash 8.9.2 Release Notes
- Logstash 8.9.1 Release Notes
- Logstash 8.9.0 Release Notes
- Logstash 8.8.2 Release Notes
- Logstash 8.8.1 Release Notes
- Logstash 8.8.0 Release Notes
- Logstash 8.7.1 Release Notes
- Logstash 8.7.0 Release Notes
- Logstash 8.6.2 Release Notes
- Logstash 8.6.1 Release Notes
- Logstash 8.6.0 Release Notes
- Logstash 8.5.3 Release Notes
- Logstash 8.5.2 Release Notes
- Logstash 8.5.1 Release Notes
- Logstash 8.5.0 Release Notes
- Logstash 8.4.2 Release Notes
- Logstash 8.4.1 Release Notes
- Logstash 8.4.0 Release Notes
- Logstash 8.3.3 Release Notes
- Logstash 8.3.2 Release Notes
- Logstash 8.3.1 Release Notes
- Logstash 8.3.0 Release Notes
- Logstash 8.2.3 Release Notes
- Logstash 8.2.2 Release Notes
- Logstash 8.2.1 Release Notes
- Logstash 8.2.0 Release Notes
- Logstash 8.1.3 Release Notes
- Logstash 8.1.2 Release Notes
- Logstash 8.1.1 Release Notes
- Logstash 8.1.0 Release Notes
- Logstash 8.0.1 Release Notes
- Logstash 8.0.0 Release Notes
- Logstash 8.0.0-rc2 Release Notes
- Logstash 8.0.0-rc1 Release Notes
- Logstash 8.0.0-beta1 Release Notes
- Logstash 8.0.0-alpha2 Release Notes
- Logstash 8.0.0-alpha1 Release Notes
Health report API
editHealth report API
editAn API that reports the health status of Logstash.
curl -XGET 'localhost:9600/_health_report?pretty'
Description
editThe health API returns a report with the health status of Logstash and the pipelines that are running inside of it. The report contains a list of indicators that compose Logstash functionality.
Each indicator has a health status of: green
, unknown
, yellow
, or red
.
The indicator will provide an explanation and metadata describing the reason for its current health status.
The top-level status is controlled by the worst indicator status.
In the event that an indicator’s status is non-green, a list of impacts may be present in the indicator result which detail the functionalities that are negatively affected by the health issue. Each impact carries with it a severity level, an area of the system that is affected, and a simple description of the impact on the system.
Some health indicators can determine the root cause of a health problem and prescribe a set of steps that can be performed in order to improve the health of the system.
The root cause and remediation steps are encapsulated in a diagnosis
.
A diagnosis contains a cause detailing a root cause analysis, an action containing a brief description of the steps to take to fix the problem, and the URL for detailed troubleshooting help.
The health indicators perform root cause analysis of non-green health statuses. This can be computationally expensive when called frequently.
Response body
edit-
status
-
(Optional, string) Health status of Logstash, based on the aggregated status of all indicators. Statuses are:
-
green
- Logstash is healthy.
-
unknown
- The health of Logstash could not be determined.
-
yellow
-
The functionality of Logstash is in a degraded state and may need remediation to avoid the health becoming
red
. -
red
- Logstash is experiencing an outage or certain features are unavailable for use.
-
-
indicators
-
(object) Information about the health of the Logstash indicators.
Properties of
indicators
-
<indicator>
-
(object) Contains health results for an indicator.
Properties of
<indicator>
-
status
-
(string) Health status of the indicator. Statuses are:
-
green
- The indicator is healthy.
-
unknown
- The health of the indicator could not be determined.
-
yellow
-
The functionality of an indicator is in a degraded state and may need remediation to avoid the health becoming
red
. -
red
- The indicator is experiencing an outage or certain features are unavailable for use.
-
-
symptom
- (string) A message providing information about the current health status.
-
details
- (Optional, object) An object that contains additional information about the indicator that has lead to the current health status result. Each indicator has a unique set of details.
-
impacts
-
(Optional, array) If a non-healthy status is returned, indicators may include a list of impacts that this health status will have on Logstash.
Properties of
impacts
-
severity
- (integer) How important this impact is to the functionality of Logstash. A value of 1 is the highest severity, with larger values indicating lower severity.
-
description
- (string) A description of the impact on Logstash.
-
impact_areas
-
(array of strings) The areas Logstash functionality that this impact affects. Possible values are:
-
pipeline_execution
-
-
-
diagnosis
-
(Optional, array) If a non-healthy status is returned, indicators may include a list of diagnosis that encapsulate the cause of the health issue and an action to take in order to remediate the problem.
Properties of
diagnosis
-
cause
- (string) A description of a root cause of this health problem.
-
action
-
(string) A brief description the steps that should be taken to remediate the problem.
A more detailed step-by-step guide to remediate the problem is provided by the
help_url
field. -
help_url
- (string) A link to the troubleshooting guide that’ll fix the health problem.
-
-
-
Indicator Details
editEach health indicator in the health API returns a set of details that further explains the state of the system. The details have contents and a structure that is unique to each indicator.
Pipeline Indicator Details
edit-
pipelines/indicators/<pipeline_id>/details
-
(object) Information about the specified pipeline.
Properties of
pipelines/indicators/<pipeline_id>/details
-
status
-
(object) Details related to the pipeline’s current status and run-state.
Properties of
status
-
state
-
(string) The current state of the pipeline, including whether it is
loading
,running
,finished
, orterminated
.
-
-