Log Insight: Using the Ingestion API

As I am sure you know, Log Insight 2.0 features an ingestion API, which makes it possible to ingest information without use of the syslog protocol. The API uses a JSON string to send events to Log Insight and also supports the ability to pass fields during ingestion time. An example of a JSON message would be:

Depending on your operating system, you have a variety tools to send API events like the above. For example:

Depending on the method you choose and the format in which you pass the information you will get one of the following return codes:

  • 200 OK
  • 400 Bad Request
  • 500 Internal Server Error
  • 503 Service Unavailable

Unless you receive 200 OK something is wrong that needs to be corrected. If you get 503 Service Unavailable then the issue is either server-side or network related. The 400 and 500 error codes point to a client-side error. The question becomes, how do you fix client-side errors?

api

Continue reading