Home

Awesome

logshark

Logshark is a debugger for JSON logs.

<kbd></kbd>

Logshark works by listening for logs on an HTTP port, it mimicks the Elasticsearch protocol so as to receive data from Beats (Filebeat, Metricbeat, Heartbeat, etc.) and Logstash using the standard elasticsearch output.

Features:

Download

Releases here

1) Start the server

binary

./logshark --host 0.0.0.0 --port 9200 --max 1000

docker

docker run -p 9200:9200 -it ugosan/logshark -host 0.0.0.0 -port 9200

You can reach the logshark container from another container using host.docker.internal like docker run --rm byrnedo/alpine-curl -v -XPOST -d '{"hello":"test"}' http://host.docker.internal:9200

docker-compose

docker-compose run -p 9200:9200 logshark -port 9200
version: "3.2"
services:

  #note you should not use "docker-compose up" but instead "docker-compose run logshark sh" since docker-compose doesnt attach to containers with "up". e.g. docker-compose run -p 9200:9200 logshark -port 9200
  logshark:
    image: ugosan/logshark
    tty: true
    stdin_open: true

2) Point your Logstash pipeline's output to it

Just like a normal elasticsearch output:

input {}

filter {}

output {
  elasticsearch {
    hosts => ["http://host.docker.internal:9200"]
  }
  
}