Configure Logstash

Create a new configuration file or update your existing to include the following: 
input {
  file {
    id => "file_input_id"
    path => <YOUR_LOG_PATH>
  }
}
filter {
  grok {
    match => { "message" => "<%{NONNEGINT:pri}>%{NONNEGINT:version} +(?:%{TIMESTAMP_ISO8601:log.timestamp}|-) +(?:%{HOSTNAME:hostname}|-) +(?:-|%{NOTSPACE:app.name}) +(?:-|%{NOTSPACE:procid}) (?:-|%{NOTSPACE:msgid}) +(?:[%{DATA:structured.data}]|-|) +%{GREEDYDATA:message}"}
  }
}
output {
  http {
    url => "https://ingestion.<REGION>.bronto.io"
    id => "my_plugin_id"
    headers => {
      "x-bronto-client" => "Logstash"
      "x-bronto-api-key" => <YOUR_API_KEY>
      "x-bronto-dataset" => <YOUR_DATASET_NAME>
      "x-bronto-collection" => <YOUR_COLLECTION_NAME>
      "Content-Type" => "text/html"
    }
    http_method => "post"
  }
 file {
   path => "test.log"
 }
}
The table below lists the parameters used to determine the Bronto dataset associated with the ingested data, ordered from highest to lowest precedence.
Parameter NameParameter Type
x-bronto-datasetHTTP Header
x-bronto-service-nameHTTP Header
x-bronto-log-nameHTTP Header
kubernetes.annotations.logs.bronto.io/datasetLog Metadata
service.nameLog Metadata
service_nameLog Metadata
kubernetes.annotations.service_nameLog Metadata
kubernetes.labels.app.kubernetes.io/nameLog Metadata
kubernetes.container_nameLog Metadata
The table below lists the parameters used to determine the Bronto collection associated with the ingested data, ordered from highest to lowest precedence.
Parameter NameParameter Type
x-bronto-collectionHTTP Header
x-bronto-service-namespaceHTTP Header
x-bronto-logsetHTTP Header
kubernetes.annotations.logs.bronto.io/collectionLog Metadata
service.namespaceLog Metadata
service_namespaceLog Metadata
Finally the table below lists the parameters used to assign tags to datasets, ordered from highest to lowest precedence.
Parameter NameParameter TypeExample
x-bronto-tagsHTTP Headerx-bronto-tags: tag1=value1,tag2=value2,…
kubernetes.annotations.tags.logs.bronto.io/<TAG_NAME>Log Metadatakubernetes.annotations.tags.logs.bronto.io/tag1: value1

Verify log collection

Once you have applied your configuration and restarted Fluent Bit, you can expect to see your log data being ingested to Bronto and accessible via the Search page.