For other versions, see theVersioned plugin docs.
For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github.For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Using this input you can receive single or multiline events over http(s).Applications can send an HTTP request to the endpoint started by this input andLogstash will convert it into an event for subsequent processing. Userscan pass plain text, JSON, or any formatted data and use a corresponding codec with thisinput. For Content-Type application/json the json codec is used, but for all otherdata formats, plain codec is used.
This input can also be used to receive webhook requests to integrate with other servicesand applications. By taking advantage of the vast plugin ecosystem available in Logstashyou can trigger actionable events right from your application.
The HTTP protocol doesn’t deal well with long running requests. This plugin will either returna 429 (busy) error when Logstash is backlogged, or it will time out the request.
If a 429 error is encountered clients should sleep, backing off exponentially with some randomjitter, then retry their request.
This plugin will block if the Logstash queue is blocked and there are available HTTP input threads.This will cause most HTTP clients to time out. Sent events will still be processed in this case. Thisbehavior is not optimal and will be changed in a future release. In the future, this plugin will alwaysreturn a 429 if the queue is busy, and will not time out in the event of a busy queue.
This plugin supports standard HTTP basic authentication headers to identify the requester.You can pass in a username, password combination while sending data to this input
You can also setup SSL and send data securely over https, with multiple options such asvalidating the client’s certificate.
This plugin has two configuration options for codecs: codec and additional_codecs.
Values in additional_codecs are prioritized over those specified in thecodec option. That is, the default codec is applied only if no codecfor the request’s content-type is found in the additional_codecs setting.
This plugin supports the following configuration options plus the Common Options described later.
| Setting | Input type | Required |
|---|---|---|
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
a valid filesystem path |
No |
|
No |
||
No |
||
a valid filesystem path |
No |
|
No |
||
string, one of |
No |
|
No |
||
No |
||
No |
||
No |
||
string, one of |
No |
Also see Common Options for a list of options supported by allinput plugins.
{"application/json"=>"json"}Apply specific codecs for specific content types.The default codec will be applied only after this list is checkedand no codec for the request’s content-type is found
java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfccaThe list of ciphers suite to use, listed by priorities.
The JKS keystore to validate the client’s certificates
Note: This option is deprecated and it will be removed in the next major version of Logstash.Use ssl_certificate and ssl_key instead.
Set the truststore password
Note: This option is deprecated and it will be removed in the next major version of Logstash.Use ssl_certificate and ssl_key instead.
Password for basic authorization
The max content of an HTTP request in bytes. It defaults to 100mb.
Maximum number of incoming requests to store in a temporary queue before being processed by worker threads.If a request arrives and the queue is full a 429 response will be returned immediately.This queue exists to deal with micro bursts of events and to improve overall throughput,so it should be changed very carefully as it can lead to memory pressure and impact performance.If you need to deal both periodic or unforeseen spikes in incoming requests consider enabling thePersistent Queue for the logstash pipeline.
{"Content-Type"=>"text/plain"}specify a custom set of response headers
"host"specify a target field for the client host of the http request
"headers"specify target field for the client host of the http request
falseEvents are by default sent in plain text. You canenable encryption by setting ssl to true and configuringthe ssl_certificate and ssl_key options.
SSL certificate to use.
[]Validate client certificates against these authorities.You can define multiple files or paths. All the certificates willbe read and added to the trust store. You need to configure the ssl_verify_modeto peer or force_peer to enable the verification.
10000Time in milliseconds for an incomplete ssl handshake to timeout
SSL key to use.NOTE: This key need to be in the PKCS8 format, you can convert it with OpenSSLfor more information.
SSL key passphrase to use.
none, peer, force_peer"none"By default the server doesn’t do any client verification.
peer will make the server ask the client to provide a certificate.If the client provides a certificate, it will be validated.
force_peer will make the server ask the client to provide a certificate.If the client doesn’t provide a certificate, the connection will be closed.
This option needs to be used with ssl_certificate_authorities and a defined list of CAs.
Number of threads to use for both accepting connections and handling requests
1.2The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
1The minimum TLS version allowed for the encrypted connections. The value must be one of the following:1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
Username for basic authorization
none, peer, force_peer"none"Set the client certificate verification method. Valid methods: none, peer, force_peer
Note: This option is deprecated and it will be removed in the next major version of Logstash.Use ssl_verify_mode instead.
The following configuration options are supported by all input plugins:
"plain"The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
trueDisable or enable metric logging for this specific plugin instanceby default we record all the metrics we can, but you can disable metrics collectionfor a specific plugin.
Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one.It is strongly recommended to set this ID in your configuration. This is particularly usefulwhen you have two or more plugins of the same type, for example, if you have 2 http inputs.Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
input { http { id => "my_plugin_id" }}
Add any number of arbitrary tags to your event.
This can help with processing later.
Add a type field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you canalso use the type to search for it in Kibana.
If you try to set a type on an event that already has one (forexample when you send an event from a shipper to an indexer) thena new input will not override the existing type. A type set atthe shipper stays with that event for its life evenwhen sent to another Logstash server.