Custom HTTP Endpoint Logs

Collect JSON data from a listening HTTP port with Elastic Agent.

Version: 1.16.0
Compatible Kibana version(s): 8.12.0 or higher
Supported Serverless project types: Security, Observability
Subscription level: Basic
Level of support: Elastic

The custom HTTP Endpoint Log integration initializes a listening HTTP server that collects incoming HTTP POST requests containing a JSON body. The body must be either an object or an array of objects. Any other data types will result in an HTTP 400 (Bad Request) response. For arrays, one document is created for each object in the array.

These are the possible response codes from the server.

| HTTP Response Code | Name | Reason |
|---|---|---|
| 200 | OK | Returned on success. |
| 400 | Bad Request | Returned if JSON body decoding fails. |
| 401 | Unauthorized | Returned when basic auth, secret header, or HMAC validation fails. |
| 405 | Method Not Allowed | Returned if methods other than POST are used. |
| 406 | Not Acceptable | Returned if the POST request does not contain a body. |
| 415 | Unsupported Media Type | Returned if the Content-Type is not application/json. |
| 500 | Internal Server Error | Returned if an I/O error occurs reading the request. |
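
A sender-side helper for the endpoint described above, added here as an example and not taken from Elastic's code: it checks the body shape before sending, signs the exact request bytes with HMAC, and groups the documented response codes by what the sender should do next. The header name `X-Signature`, the `sha256=` prefix, hex encoding, and the key are assumptions and must match the HMAC settings configured for the integration.

```python
import hashlib
import hmac
import json

# Response codes from the table above, grouped by what the sender should do.
RETRYABLE = {500}                  # I/O error while the server read the request
AUTH_FAILED = {401}                # basic auth, secret header, or HMAC rejected
SENDER_BUG = {400, 405, 406, 415}  # malformed request; resending it will not help


def count_documents(payload):
    """Return how many documents the endpoint creates for this payload."""
    if isinstance(payload, dict):
        return 1
    # Empty arrays are refused here as a sender-side choice: nothing to ingest.
    if isinstance(payload, list) and payload and all(isinstance(x, dict) for x in payload):
        return len(payload)
    raise ValueError("body must be a JSON object or a non-empty array of objects")


def sign(body, key, prefix="sha256="):
    """Hex HMAC-SHA256 over the exact request bytes (assumed scheme)."""
    return prefix + hmac.new(key, body, hashlib.sha256).hexdigest()


def build_request(payload, key, header="X-Signature"):
    """Serialize once, then sign those bytes; header name is an assumption."""
    count_documents(payload)
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    return body, {"Content-Type": "application/json", header: sign(body, key)}


def signature_matches(body, signature, key):
    """Constant-time check, as a receiver or a test harness would do it."""
    return hmac.compare_digest(sign(body, key), signature)


def classify(status):
    """Map a response code to the sender's next action."""
    if status == 200:
        return "ok"
    if status in RETRYABLE:
        return "retry"
    if status in AUTH_FAILED:
        return "check-credentials"
    if status in SENDER_BUG:
        return "fix-request"
    return "unexpected"
```

Send the returned `body` bytes unchanged; re-serializing the payload after signing can change the bytes and cause a 401.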

Custom ingest pipelines may be added by adding the name to the pipeline configuration option. Custom ingest pipelines can be created either through the API or the Ingest Node Pipeline UI.

Changelog

| Version | Details | Kibana version(s) |
|---|---|---|
| 1.16.0 | Enhancement: Allow user selection of HTTP method. | 8.12.0 or higher |
| 1.15.0 | Enhancement: Set sensitive values as secret. | 8.12.0 or higher |
| 1.14.1 | Enhancement: Changed owners | 7.16.0 or higher, 8.0.0 or higher |
| 1.14.0 | Enhancement: ECS version updated to 8.11.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.13.0 | Enhancement: ECS version updated to 8.10.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.12.0 | Enhancement: The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest. | 7.16.0 or higher, 8.0.0 or higher |
| 1.11.0 | Enhancement: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. | 7.16.0 or higher, 8.0.0 or higher |
| 1.10.0 | Enhancement: Update package to ECS 8.9.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.9.1 | Bug fix: Fix handling of include header config. | 7.16.0 or higher, 8.0.0 or higher |
| 1.9.0 | Enhancement: Update package to ECS 8.8.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.8.0 | Enhancement: Update package-spec version to 2.7.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.7.0 | Enhancement: Update package to ECS 8.7.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.6.1 | Enhancement: Added categories and/or subcategories. | 7.16.0 or higher, 8.0.0 or higher |
| 1.6.0 | Enhancement: Update package to ECS 8.6.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.5.0 | Enhancement: Added infrastructure category. | 7.16.0 or higher, 8.0.0 or higher |
| 1.4.0 | Enhancement: Update package to ECS 8.5.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.3.0 | Enhancement: Update package to ECS 8.4.0 | 7.16.0 or higher, 8.0.0 or higher |
| 1.2.0 | Enhancement: Update package to ECS 8.3.0. | 7.16.0 or higher, 8.0.0 or higher |
| 1.1.0 | Enhancement: Update ECS to 8.2 | 7.16.0 or higher, 8.0.0 or higher |
| 1.0.1 | Enhancement: Update readme | 7.16.0 or higher, 8.0.0 or higher |
| 1.0.0 | Enhancement: Initial Release | |
