:plugin: http :type: input :default_codec: plain /////////////////////////////////////////// START - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// :version: %VERSION% :release_date: %RELEASE_DATE% :changelog_url: %CHANGELOG_URL% :include_path: ../../../../logstash/docs/include /////////////////////////////////////////// END - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// [id="plugins-{type}s-{plugin}"] === Http input plugin include::{include_path}/plugin_header.asciidoc[] ==== Description Using this input you can receive single or multiline events over http(s). Applications can send an HTTP request to the endpoint started by this input and Logstash will convert it into an event for subsequent processing. Users can pass plain text, JSON, or any formatted data and use a corresponding codec with this input. For Content-Type `application/json` the `json` codec is used, but for all other data formats, `plain` codec is used. This input can also be used to receive webhook requests to integrate with other services and applications. By taking advantage of the vast plugin ecosystem available in Logstash you can trigger actionable events right from your application. [id="plugins-{type}s-{plugin}-ecs_metadata"] ==== Event Metadata and the Elastic Common Schema (ECS) In addition to decoding the events, this input will add HTTP headers containing connection information to each event. When ECS compatibility is disabled, the headers are stored in the `headers` field, which has the potential to create confusion and schema conflicts downstream. When ECS is enabled, we can ensure a pipeline maintains access to this metadata throughout the event's lifecycle without polluting the top-level namespace. Here’s how ECS compatibility mode affects output. [cols="> described later. [cols="<,<,<",options="header",] |======================================================================= |Setting |Input type|Required | <> |<>|No | <> |<>|__Deprecated__ | <> | <>|No | <> |<>|No | <> |<>|__Deprecated__ | <> |<>|__Deprecated__ | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>, one of `[200, 201, 202, 204]`|No | <> |<>|__Deprecated__ | <> |a valid filesystem path|No | <> |<>|No | <> |<>|No | <> |<>, one of `["none", "optional", "required"]`|No | <> |<>|No | <> |<>|No | <> |a valid filesystem path|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>, one of `["none", "peer", "force_peer"]`|__Deprecated__ | <> |<>|No | <> |<>|__Deprecated__ | <> |<>|__Deprecated__ | <> |<>|No | <> |<>, one of `["none", "peer", "force_peer"]`|__Deprecated__ |======================================================================= Also see <> for a list of options supported by all input plugins.   [id="plugins-{type}s-{plugin}-additional_codecs"] ===== `additional_codecs` * Value type is <> * Default value is `{"application/json"=>"json"}` Apply specific codecs for specific content types. The default codec will be applied only after this list is checked and no codec for the request's content-type is found [id="plugins-{type}s-{plugin}-cipher_suites"] ===== `cipher_suites` deprecated[3.6.0, Replaced by <>] * Value type is <> The list of cipher suites to use, listed by priorities. [id="plugins-{type}s-{plugin}-ecs_compatibility"] ===== `ecs_compatibility` * Value type is <> * Supported values are: ** `disabled`: unstructured connection metadata added at root level ** `v1`,`v8`: headers added under `[@metadata][http][header]`. Some are copied to structured ECS fields `http`, `url`, `user_agent` and `host` Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)]. See <> for detailed information. **Sample output: ECS disabled** [source,text] ----- { "@version" => "1", "headers" => { "request_path" => "/twitter/tweet/1", "http_accept" => "*/*", "http_version" => "HTTP/1.1", "request_method" => "PUT", "http_host" => "localhost:8080", "http_user_agent" => "curl/7.64.1", "content_length" => "5", "content_type" => "application/x-www-form-urlencoded" }, "@timestamp" => 2021-05-28T19:27:28.609Z, "host" => "127.0.0.1", "message" => "hello" } ----- **Sample output: ECS enabled** [source,text] ----- { "@version" => "1", "user_agent" => { "original" => "curl/7.64.1" }, "http" => { "method" => "PUT", "request" => { "mime_type" => "application/x-www-form-urlencoded", "body" => { "bytes" => "5" } }, "version" => "HTTP/1.1" }, "url" => { "port" => "8080", "domain" => "snmp1", "path" => "/twitter/tweet/1" }, "@timestamp" => 2021-05-28T23:32:38.222Z, "host" => { "ip" => "127.0.0.1" }, "message" => "hello", } ----- [id="plugins-{type}s-{plugin}-host"] ===== `host` * Value type is <> * Default value is `"0.0.0.0"` The host or ip to bind [id="plugins-{type}s-{plugin}-keystore"] ===== `keystore` deprecated[3.7.0, Use <> instead] * Value type is <> * There is no default value for this setting. The JKS keystore to validate the client's certificates [id="plugins-{type}s-{plugin}-keystore_password"] ===== `keystore_password` deprecated[3.7.0, Use <> instead] * Value type is <> * There is no default value for this setting. Set the keystore password [id="plugins-{type}s-{plugin}-password"] ===== `password` * Value type is <> * There is no default value for this setting. Password for basic authorization [id="plugins-{type}s-{plugin}-port"] ===== `port` * Value type is <> * Default value is `8080` The TCP port to bind to [id="plugins-{type}s-{plugin}-max_content_length"] ===== `max_content_length` * Value type is <> * Default value is 104857600 The max content of an HTTP request in bytes. It defaults to 100mb. [id="plugins-{type}s-{plugin}-max_pending_requests"] ===== `max_pending_requests` * Value type is <> * Default value is 200 Maximum number of incoming requests to store in a temporary queue before being processed by worker threads. If a request arrives and the queue is full a 429 response will be returned immediately. This queue exists to deal with micro bursts of events and to improve overall throughput, so it should be changed very carefully as it can lead to memory pressure and impact performance. If you need to deal both periodic or unforeseen spikes in incoming requests consider enabling the Persistent Queue for the logstash pipeline. [id="plugins-{type}s-{plugin}-response_code"] ===== `response_code` * Value can be any of: 200, 201, 202, 204 * Default value is `200` The HTTP return code if the request is processed successfully. Other return codes may happen in the case of an error condition, such as invalid credentials (401), internal errors (503) or backpressure (429). If 204 (No Content) is set, the response body will not be sent in the response. [id="plugins-{type}s-{plugin}-response_headers"] ===== `response_headers` * Value type is <> * Default value is `{"Content-Type"=>"text/plain"}` specify a custom set of response headers [id="plugins-{type}s-{plugin}-remote_host_target_field"] ===== `remote_host_target_field` * Value type is <> * Default value is `"host"` when ECS is disabled * Default value is `[host][ip]` when ECS is enabled specify a target field for the client host of the http request [id="plugins-{type}s-{plugin}-request_headers_target_field"] ===== `request_headers_target_field` * Value type is <> * Default value is `"headers"` when ECS is disabled * Default value is `[@metadata][http][header]` when ECS is enabled specify target field for the client host of the http request [id="plugins-{type}s-{plugin}-ssl"] ===== `ssl` deprecated[3.7.0, Replaced by <>] * Value type is <> * Default value is `false` Events are, by default, sent in plain text. You can enable encryption by setting `ssl` to true and configuring the `ssl_certificate` and `ssl_key` options. [id="plugins-{type}s-{plugin}-ssl_certificate"] ===== `ssl_certificate` * Value type is <> * There is no default value for this setting. SSL certificate to use. [id="plugins-{type}s-{plugin}-ssl_certificate_authorities"] ===== `ssl_certificate_authorities` * Value type is <> * Default value is `[]` Validate client certificates against these authorities. You can define multiple files or paths. All the certificates will be read and added to the trust store. You need to configure the <> to `optional` or `required` to enable the verification. [id="plugins-{type}s-{plugin}-ssl_cipher_suites"] ===== `ssl_cipher_suites` * Value type is <> * Default value is `['TLS_AES_256_GCM_SHA384', 'TLS_AES_128_GCM_SHA256', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256']` The list of cipher suites to use, listed by priorities. This default list applies for OpenJDK 11.0.14 and higher. For older JDK versions, the default list includes only suites supported by that version. For example, the ChaCha20 family of ciphers is not supported in older versions. [id="plugins-{type}s-{plugin}-ssl_client_authentication"] ===== `ssl_client_authentication` * Value can be any of: `none`, `optional`, `required` * Default value is `"none"` Controls the server's behavior in regard to requesting a certificate from client connections: `required` forces a client to present a certificate, while `optional` requests a client certificate but the client is not required to present one. Defaults to `none`, which disables the client authentication. NOTE: This setting can be used only if <> is set. [id="plugins-{type}s-{plugin}-ssl_enabled"] ===== `ssl_enabled` * Value type is <> * Default value is `false` Events are, by default, sent in plain text. You can enable encryption by setting `ssl_enabled` to true and configuring the <> and <> options. [id="plugins-{type}s-{plugin}-ssl_handshake_timeout"] ===== `ssl_handshake_timeout` * Value type is <> * Default value is `10000` Time in milliseconds for an incomplete ssl handshake to timeout [id="plugins-{type}s-{plugin}-ssl_key"] ===== `ssl_key` * Value type is <> * There is no default value for this setting. SSL key to use. NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs8.html[OpenSSL] for more information. [id="plugins-{type}s-{plugin}-ssl_key_passphrase"] ===== `ssl_key_passphrase` * Value type is <> * There is no default value for this setting. SSL key passphrase to use. [id="plugins-{type}s-{plugin}-ssl_keystore_path"] ===== `ssl_keystore_path` * Value type is <> * There is no default value for this setting. The JKS keystore to validate the client's certificates [id="plugins-{type}s-{plugin}-ssl_keystore_password"] ===== `ssl_keystore_password` * Value type is <> * There is no default value for this setting. Set the JKS keystore password [id="plugins-{type}s-{plugin}-ssl_supported_protocols"] ===== `ssl_supported_protocols` * Value type is <> * Allowed values are: `'TLSv1.1'`, `'TLSv1.2'`, `'TLSv1.3'` * Default depends on the JDK being used. With up-to-date Logstash, the default is `['TLSv1.2', 'TLSv1.3']`. `'TLSv1.1'` is not considered secure and is only provided for legacy applications. List of allowed SSL/TLS versions to use when establishing a connection to the HTTP endpoint. For Java 8 `'TLSv1.3'` is supported only since **8u262** (AdoptOpenJDK), but requires that you set the `LS_JAVA_OPTS="-Djdk.tls.client.protocols=TLSv1.3"` system property in Logstash. NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as the one packaged with Logstash, the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list. [id="plugins-{type}s-{plugin}-ssl_verify_mode"] ===== `ssl_verify_mode` deprecated[3.7.0, Replaced by <>] * Value can be any of: `none`, `peer`, `force_peer` * Default value is `"none"` By default the server doesn't do any client verification. `peer` will make the server ask the client to provide a certificate. If the client provides a certificate, it will be validated. `force_peer` will make the server ask the client to provide a certificate. If the client doesn't provide a certificate, the connection will be closed. This option needs to be used with <> and a defined list of CAs. [id="plugins-{type}s-{plugin}-threads"] ===== `threads` * Value type is <> * Default value is number of processors Number of threads to use for both accepting connections and handling requests [id="plugins-{type}s-{plugin}-tls_max_version"] ===== `tls_max_version` deprecated[3.6.0] * Value type is <> The maximum TLS version allowed for the encrypted connections. The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3 [id="plugins-{type}s-{plugin}-tls_min_version"] ===== `tls_min_version` deprecated[3.6.0] * Value type is <> The minimum TLS version allowed for the encrypted connections. The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3 [id="plugins-{type}s-{plugin}-user"] ===== `user` * Value type is <> * There is no default value for this setting. Username for basic authorization [id="plugins-{type}s-{plugin}-verify_mode"] ===== `verify_mode` deprecated[3.6.0, Replaced by <>] * Value can be any of: `none`, `peer`, `force_peer` * Default value is `"none"` Set the client certificate verification method. Valid methods: none, peer, force_peer [id="plugins-{type}s-{plugin}-common-options"] include::{include_path}/{type}.asciidoc[] :default_codec!: