Supported data types:
📘 LogsConfiguration
| Field | Type | Default | Required | Description |
|---|---|---|---|---|
| Name | String | none | true | Unique identifier within Sawmills. |
| Endpoint | String | none | true | The target Elasticsearch URL to which data will be sent. If multiple endpoints are added, they will be attempted in round-robin order. |
| Cloud ID | String | none | true | The Elastic Cloud ID of the Elastic Cloud Cluster to which data will be sent. |
| Enable Basic Auth | Boolean | false | true | Choose how to provide Elasticsearch credentials: via HTTP Basic Auth using a username and password or Elasticsearch API Key. Select ‘None’ to use your cluster’s authentication configuration. |
| Username | String | none | true | Username when using basic authentication. |
| Password | String | none | true | Password when using basic authentication. |
| API Key | String | none | true | Elasticsearch API Key in “encoded” format, when using API Key authentication. |
Advanced Options
| Field | Type | Default | Required | Description |
|---|---|---|---|---|
| Logs Index | String | none | false | The index or data stream name to publish logs to. Logs Index should be empty unless all logs should be sent to the same index. |
| Mapping Mode | Radio | ECS | true | Determines how OpenTelemetry data is mapped to Elasticsearch index documents. The ‘OTel’ mapping mode requires Elasticsearch 8.12 or above. |
Logstash Index Configuration
The Elasticsearch exporter supports dynamic index configuration through Logstash. You can specify the target index for your logs using theelasticsearch.index field in your Logstash configuration.
Example Logstash Configuration
- The exporter will use the
elasticsearch.indexattribute to determine the target index - The index name can include dynamic date patterns (e.g.,
%{+YYYY.MM.dd}) - You can use any Logstash condition to set different indices based on your requirements
Notes
- If
elasticsearch.indexis not set, the exporter will use the default index configuration - The index name must follow Elasticsearch naming conventions
- Date patterns in the index name will be evaluated at the time of sending the logs