Skip to content

Sending Log Events

The simplest way to ship logs to Sematext is via the Discovery screen after the initial setup. Alernatively, there are many other ways to ship log events to Sematext. Because Sematext exposes an API compatible with Elasticsearch and OpenSearch, any of the numerous log shippers or log libraries that have Elasticsearch outputs (or "adapters") can be used to ship logs. Sematext also accepts syslogs.

  • HTTP / HTTPS (ports 80 / 443), by using the Elasticsearch API on /
  • UDP / TCP / RELP / TLS, by using the syslog receiver on /
  • UDP / TCP by using the socket receiver for JSON on /

All options work with log shippers such as Logstash, Fluentd, Fluent Bit, rsyslog or syslog-ng... and many, many more. Instructions for a lot more log shipping methods are inside Sematext Cloud itself.

Additionally, you can always write your own application or script that works with Elasticsearch or syslog or any other tool that can send data to Sematext's Elasticsearch API.

Elasticsearch API

The easiest way to send logs is with Sematext Agent, Logstash, or Filebeat. Have in mind any log shipper will get the job done. You can also use any tool that works with Elasticsearch's REST API, for both indexing and searching.

If you're using a particular programming language, configuring your logging framework to send data to Sematext Logs is also an option.

The only condition is to use the App's token as the index name, and, or as the Elasticsearch endpoint.

Here's how to send a message from the terminal.

curl -XPOST -d '{
  "message": "Hello from Sematext!"

Here example represents the desired type. It can be anything from log, event, host, node, and anything in between, giving freedom to create custom types for logs. This value gets stored in the logsene_type field allowing for easy filtering on types when needed.

Logs App Elasticsearch integration

This guide will show you more details on using the Elasticsearch REST API with Sematext.


You can forward syslog via UDP (port 514), TCP (port 514), RELP (port 20514) and TLS (port 10514). The host name is /

To get started with syslog shipping quickly, you can use our configuration script and add your App token as a parameter:

curl -O

You can also use this snippet:

echo ' eed460a3-9516-458c-8c5c-8e7c495665cd:Hello from Sematext!' | nc 514

Logs App Syslog integration

For more details, take a look at the Syslog page, and the pages that are linked from it.