For other versions, see theVersioned plugin docs.
For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github.For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
This plugin supports the following configuration options plus the Common Options described later.
| Setting | Input type | Required |
|---|---|---|
String, Array or Hash |
No |
|
No |
||
No |
||
No |
||
No |
||
No |
||
Yes |
||
No |
There are also multiple configuration options related to the HTTP connectivity:
| Setting | Input type | Required |
|---|---|---|
No |
||
a valid filesystem path |
No |
|
a valid filesystem path |
No |
|
a valid filesystem path |
No |
|
No |
||
No |
||
No |
||
No |
||
a valid filesystem path |
No |
|
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
a valid filesystem path |
No |
|
No |
||
No |
||
no |
||
No |
Also see Common Options for a list of options supported by allfilter plugins.
The body of the HTTP request to be sent.
"json" or "text""text"If set to "json" the body will be serialized as JSON. Otherwise it is sent as is.
The HTTP headers to be sent in the request. Both the names of the headers and theirvalues can reference values from event fields.
Define the query string parameters (key-value pairs) to be sent in the HTTP request.
Define the target field for placing the body of the HTTP response. If this setting is omitted, the data will be stored in the "body" field.
Define the target field for placing the headers of the HTTP response. If this setting is omitted, the data will be stored in the "headers" field.
The URL to send the request to. The value can be fetched from event fields.
1How many times should the client retry a failing URL. We highly recommend NOT setting this valueto zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry!Note: if retry_non_idempotent is set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.
If you need to use a custom X.509 CA (.pem certs) specify the path to that here
If you’d like to use a client certificate (note, most people don’t want this) set the path to the x509 cert here
If you’re using a client certificate specify the path to the encryption key here
10Timeout (in seconds) to wait for a connection to be established. Default is 10s
trueEnable cookie support. With this enabled the client will persist cookiesacross requests as a normal web browser would. Enabled by default
trueShould redirects be followed? Defaults to true
trueTurn this on to enable HTTP keepalive support. We highly recommend setting automatic_retries to at leastone with this to fix interactions with broken keepalive implementations.
If you need to use a custom keystore (.jks) specify that here. This does not work with .pem keys!
Specify the keystore password here.Note, most .jks files created with keytool require a password!
"JKS"Specify the keystore type here. One of JKS or PKCS12. Default is JKS
Password to be used in conjunction with the username for HTTP authentication.
50Max number of concurrent connections. Defaults to 50
25Max number of concurrent connections to a single host. Defaults to 25
If you’d like to use an HTTP proxy . This supports multiple configuration syntaxes:
http://proxy.org:1234{host => "proxy.org", port => 80, scheme => 'http', user => 'username@host', password => 'password'}{url => 'http://proxy.org:1234', user => 'username@host', password => 'password'}60Timeout (in seconds) for the entire request.
falseIf automatic_retries is enabled this will cause non-idempotent HTTP verbs (such as POST) to be retried.
10Timeout (in seconds) to wait for data on the socket. Default is 10s
If you need to use a custom truststore (.jks) specify that here. This does not work with .pem certs!
Specify the truststore password here.Note, most .jks files created with keytool require a password!
"JKS"Specify the truststore type here. One of JKS or PKCS12. Default is JKS
Username to use with HTTP authentication for ALL requests. Note that you can also set this per-URL.If you set this you must also set the password option.
200How long to wait before checking for a stale connection to determine if a keepalive request is needed.Consider setting this value lower than the default, possibly to 0, if you get connection errors regularly.
This client is based on Apache Commons. Here’s how theApacheCommons documentation describes this option: "Defines period of inactivity inmilliseconds after which persistent connections must be re-validated prior tobeing leased to the consumer. Non-positive value passed to this method disablesconnection validation. This check helps detect connections that have becomestale (half-closed) while kept inactive in the pool."
The following configuration options are supported by all filter plugins:
| Setting | Input type | Required |
|---|---|---|
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
{}If this filter is successful, add any arbitrary fields to this event.Field names can be dynamic and include parts of the event using the %{field}.
Example:
filter { http { add_field => { "foo_%{somefield}" => "Hello world, from %{host}" } }}
# You can also add multiple fields at once:filter { http { add_field => { "foo_%{somefield}" => "Hello world, from %{host}" "new_field" => "new_static_value" } }}
If the event has field "somefield" == "hello" this filter, on success,would add field foo_hello if it is present, with thevalue above and the %{host} piece replaced with that value from theevent. The second example would also add a hardcoded field.
[]If this filter is successful, add arbitrary tags to the event.Tags can be dynamic and include parts of the event using the %{field}syntax.
Example:
filter { http { add_tag => [ "foo_%{somefield}" ] }}
# You can also add multiple tags at once:filter { http { add_tag => [ "foo_%{somefield}", "taggedy_tag"] }}
If the event has field "somefield" == "hello" this filter, on success,would add a tag foo_hello (and the second example would of course add a taggedy_tag tag).
trueDisable or enable metric logging for this specific plugin instanceby default we record all the metrics we can, but you can disable metrics collectionfor a specific plugin.
Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one.It is strongly recommended to set this ID in your configuration. This is particularly usefulwhen you have two or more plugins of the same type, for example, if you have 2 http filters.Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
filter { http { id => "ABC" }}
falseCall the filter flush method at regular interval.Optional.
[]If this filter is successful, remove arbitrary fields from this event.Example:
filter { http { remove_field => [ "foo_%{somefield}" ] }}
# You can also remove multiple fields at once:filter { http { remove_field => [ "foo_%{somefield}", "my_extraneous_field" ] }}
If the event has field "somefield" == "hello" this filter, on success,would remove the field with name foo_hello if it is present. The secondexample would remove an additional, non-dynamic field.
[]If this filter is successful, remove arbitrary tags from the event.Tags can be dynamic and include parts of the event using the %{field}syntax.
Example:
filter { http { remove_tag => [ "foo_%{somefield}" ] }}
# You can also remove multiple tags at once:filter { http { remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"] }}
If the event has field "somefield" == "hello" this filter, on success,would remove the tag foo_hello if it is present. The second examplewould remove a sad, unwanted tag as well.