HTTP filter plugin v1.0.0

The body of the HTTP request to be sent.

If set to "json" the body will be serialized as JSON. Otherwise it is sent as is.

The HTTP headers to be sent in the request. Both the names of the headers and their values can reference values from event fields.

Define the query string parameters (key-value pairs) to be sent in the HTTP request.

Define the target field for placing the body of the HTTP response. If this setting is omitted, the data will be stored in the "body" field.

Define the target field for placing the headers of the HTTP response. If this setting is omitted, the data will be stored in the "headers" field.

The URL to send the request to. The value can be fetched from event fields.

The verb to be used for the HTTP request.

How many times should the client retry a failing URL. We highly recommend NOT setting this value to zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry! Note: if retry_non_idempotent is set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.

If you need to use a custom X.509 CA (.pem certs) specify the path to that here

If you’d like to use a client certificate (note, most people don’t want this) set the path to the x509 cert here

If you’re using a client certificate specify the path to the encryption key here

Timeout (in seconds) to wait for a connection to be established. Default is 10s

Enable cookie support. With this enabled the client will persist cookies across requests as a normal web browser would. Enabled by default

Should redirects be followed? Defaults to true

Turn this on to enable HTTP keepalive support. We highly recommend setting automatic_retries to at least one with this to fix interactions with broken keepalive implementations.

If you need to use a custom keystore (.jks) specify that here. This does not work with .pem keys!

Specify the keystore password here. Note, most .jks files created with keytool require a password!

Specify the keystore type here. One of JKS or PKCS12. Default is JKS

Password to be used in conjunction with the username for HTTP authentication.

Max number of concurrent connections. Defaults to 50

Max number of concurrent connections to a single host. Defaults to 25

If you’d like to use an HTTP proxy . This supports multiple configuration syntaxes:

Timeout (in seconds) for the entire request.

If automatic_retries is enabled this will cause non-idempotent HTTP verbs (such as POST) to be retried.

Timeout (in seconds) to wait for data on the socket. Default is 10s

If you need to use a custom truststore (.jks) specify that here. This does not work with .pem certs!

Specify the truststore password here. Note, most .jks files created with keytool require a password!

Specify the truststore type here. One of JKS or PKCS12. Default is JKS

Username to use with HTTP authentication for ALL requests. Note that you can also set this per-URL. If you set this you must also set the password option.

How long to wait before checking if the connection is stale before executing a request on a connection using keepalive. # You may want to set this lower, possibly to 0 if you get connection errors regularly Quoting the Apache commons docs (this client is based Apache Commmons): Defines period of inactivity in milliseconds after which persistent connections must be re-validated prior to being leased to the consumer. Non-positive value passed to this method disables connection validation. This check helps detect connections that have become stale (half-closed) while kept inactive in the pool. See these docs for more info

If this filter is successful, add any arbitrary fields to this event. Field names can be dynamic and include parts of the event using the %{field}.

Example:

    filter {
      http {
        add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
      }
    }

    # You can also add multiple fields at once:
    filter {
      http {
        add_field => {
          "foo_%{somefield}" => "Hello world, from %{host}"
          "new_field" => "new_static_value"
        }
      }
    }

If the event has field "somefield" == "hello" this filter, on success, would add field foo_hello if it is present, with the value above and the %{host} piece replaced with that value from the event. The second example would also add a hardcoded field.

If this filter is successful, add arbitrary tags to the event. Tags can be dynamic and include parts of the event using the %{field} syntax.

Example:

    filter {
      http {
        add_tag => [ "foo_%{somefield}" ]
      }
    }

    # You can also add multiple tags at once:
    filter {
      http {
        add_tag => [ "foo_%{somefield}", "taggedy_tag"]
      }
    }

If the event has field "somefield" == "hello" this filter, on success, would add a tag foo_hello (and the second example would of course add a taggedy_tag tag).

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 http filters. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

    filter {
      http {
        id => "ABC"
      }
    }

Call the filter flush method at regular interval. Optional.

If this filter is successful, remove arbitrary fields from this event. Fields names can be dynamic and include parts of the event using the %{field} Example:

    filter {
      http {
        remove_field => [ "foo_%{somefield}" ]
      }
    }

    # You can also remove multiple fields at once:
    filter {
      http {
        remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]
      }
    }

If the event has field "somefield" == "hello" this filter, on success, would remove the field with name foo_hello if it is present. The second example would remove an additional, non-dynamic field.

If this filter is successful, remove arbitrary tags from the event. Tags can be dynamic and include parts of the event using the %{field} syntax.

Example:

    filter {
      http {
        remove_tag => [ "foo_%{somefield}" ]
      }
    }

    # You can also remove multiple tags at once:
    filter {
      http {
        remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]
      }
    }

If the event has field "somefield" == "hello" this filter, on success, would remove the tag foo_hello if it is present. The second example would remove a sad, unwanted tag as well.