Sending Log Events
The simplest way to ship logs to Sematext is via the Discovery screen after the initial setup. Alternatively, there are many other ways to ship log events to Sematext. Because Sematext exposes an API compatible with Elasticsearch and OpenSearch, any of the numerous log shippers or log libraries that have Elasticsearch outputs (or "adapters") can be used to ship logs. Sematext also accepts syslogs.
- HTTP / HTTPS (ports 80 / 443), by using the Elasticsearch API on logsene-receiver.sematext.com / logsene-receiver.eu.sematext.com
- UDP / TCP / RELP / TLS, by using the syslog receiver on logsene-syslog-receiver.sematext.com / logsene-syslog-receiver.eu.sematext.com
- UDP / TCP by using the socket receiver for JSON on logsene-syslog-receiver.sematext.com / logsene-syslog-receiver.eu.sematext.com
All options work with log shippers such as Logstash, Fluentd, Fluent Bit, rsyslog or syslog-ng... and many, many more. Instructions for a lot more log shipping methods are inside Sematext Cloud itself.
Additionally, you can always write your own application or script that works with Elasticsearch or syslog or any other tool that can send data to Sematext's Elasticsearch API.
Elasticsearch API
The easiest way to send logs is with Sematext Agent, Logstash, or Filebeat. Keep in mind that any log shipper will get the job done. You can also use any tool that works with Elasticsearch's REST API, for both indexing and searching.
If you're using a particular programming language, configuring your logging framework to send data to Sematext Logs is also an option.
The only condition is to use the App's token as the index name, and https://logsene-receiver.sematext.com:443, or https://logsene-receiver.eu.sematext.com:443 as the Elasticsearch endpoint.
Here's how to send a message from the terminal.
curl -XPOST https://logsene-receiver.sematext.com/YOUR-TOKEN-GOES-RIGHT-HERE/example/ -d '{ "message": "Hello from Sematext!" }'
Here example represents the desired type. It can be anything from log, event, host, node, and anything in between, giving freedom to create custom types for logs. This value gets stored in the logsene_type field, allowing for easy filtering on types when needed.
This guide will show you more details on using the Elasticsearch REST API with Sematext.
Syslog
You can forward syslog via UDP (port 514), TCP (port 514), RELP (port 20514) and TLS (port 10514). The host name is logsene-syslog-receiver.sematext.com / logsene-syslog-receiver.eu.sematext.com.
To get started with syslog shipping quickly, you can use our configuration script and add your App token as a parameter:
curl -O https://apps.sematext.com/logsene/configure-syslog.py
sudo python configure-syslog.py YOUR-TOKEN-GOES-RIGHT-HERE
You can also use this snippet:
echo 'example.com eed460a3-9516-458c-8c5c-8e7c495665cd:Hello from Sematext!' | nc logsene-syslog-receiver.sematext.com 514
For more details, take a look at the Syslog page, and the pages that are linked from it.
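The nc snippet above uses plain TCP on port 514, so the App token crosses the network unencrypted. The following is an added example (not Sematext's own code) that builds the same line and sends it to the TLS port listed on this page with certificate verification. It assumes the TLS receiver accepts the same newline-terminated "host token:message" layout and that App tokens are UUID-shaped like the sample; build_line and send_tls are hypothetical names.

```python
import re
import socket
import ssl

# Host and TLS port are the ones listed on this page.
SYSLOG_HOST = "logsene-syslog-receiver.sematext.com"
SYSLOG_TLS_PORT = 10514

# Assumption: App tokens are UUID-shaped, like the sample token on this page.
TOKEN_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# Any control character could end the line early or hide content in it.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]+")


def build_line(hostname: str, token: str, message: str) -> bytes:
    """Return one newline-terminated event in the 'host token:message' layout."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not UUID-shaped")
    if not hostname or re.search(r"\s", hostname) or CONTROL_RE.search(hostname):
        raise ValueError("hostname must be a single non-empty word")
    # Collapse CR/LF and other control characters so untrusted text
    # cannot start a second event on the same connection.
    clean = CONTROL_RE.sub(" ", message).strip()
    return f"{hostname} {token}:{clean}\n".encode("utf-8")


def send_tls(line: bytes, host: str = SYSLOG_HOST, port: int = SYSLOG_TLS_PORT) -> None:
    """Send one event over TLS with certificate and hostname verification."""
    context = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=10) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(line)


if __name__ == "__main__":
    # Constructed sample values; replace the token with your App's token.
    send_tls(build_line("example.com", "00000000-0000-0000-0000-000000000000",
                        "Hello from Sematext!"))
```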