Logstash HTTP Filter Plugin

Pulse - Elasticsearch Operations Done Right

On this page

Syntax Example Use Case Common Issues and Best Practices Frequently Asked Questions

The Logstash HTTP filter plugin enables you to make HTTP requests to external services or APIs during the event processing pipeline. This plugin is particularly useful when you need to enrich your log data with information from external sources or perform actions based on the event data.

Syntax

filter {
  http {
    url => "http://example.com/api"
    verb => "GET"
    headers => {
      "Authorization" => "Bearer token"
    }
    target_body => "response_body"
    target_headers => "response_headers"
  }
}

For detailed configuration options, refer to the official Logstash HTTP filter plugin documentation.

Example Use Case

Suppose you want to enrich your log data with geolocation information based on IP addresses. You can use the HTTP filter plugin to query an IP geolocation API:

filter {
  http {
    url => "https://ipapi.co/%{[client_ip]}/json"
    verb => "GET"
    headers => {
      "User-Agent" => "Logstash/1.0"
    }
    target_body => "geolocation_data"
  }

  json {
    source => "geolocation_data"
    target => "geolocation"
  }
}

This configuration sends a GET request to the ipapi.co service with the client IP address and stores the JSON response in the geolocation field of the event.

Common Issues and Best Practices

  1. Rate Limiting: Be mindful of rate limits imposed by the external API. Use the retry_failed option and adjust automatic_retries and retry_interval accordingly.

  2. Error Handling: Implement proper error handling using conditional statements to check for successful responses.

  3. Performance: HTTP requests can introduce latency. Use this plugin judiciously and consider caching responses when appropriate.

  4. Security: Always use HTTPS for secure communication and handle authentication tokens securely.

  5. Timeouts: Set appropriate connect_timeout and request_timeout values to prevent pipeline blockages due to slow or unresponsive APIs.

Frequently Asked Questions

Q: Can I use variables in the URL?
A: Yes, you can use event field references in the URL. For example, url => "https://api.example.com/%{field_name}".

Q: How can I handle authentication in the HTTP requests?
A: You can add authentication headers using the headers option. For example, headers => { "Authorization" => "Bearer %{api_token}" }.

Q: Is it possible to send POST requests with a body?
A: Yes, you can use the verb => "POST" option and specify the body using the body option.

Q: How can I parse the JSON response from an API?
A: Use the json filter after the http filter to parse the JSON response stored in the target field.

Q: Can I use the HTTP filter plugin for conditional requests?
A: Yes, you can wrap the http filter in a conditional statement to make requests only when certain conditions are met.

Pulse - Elasticsearch Operations Done Right

Pulse can solve your Elasticsearch issues

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.

We use cookies to provide an optimized user experience and understand our traffic. To learn more, read our use of cookies; otherwise, please choose 'Accept Cookies' to continue using our website.