elasticsearch-logger

When the Plugin is enabled, APISIX will serialize the request context information to and submit it to the batch queue. When the maximum batch size is exceeded, the data in the queue is pushed to Elasticsearch. See batch processor for more details.

Attributes

NOTE: encrypt_fields = {"auth.password"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See for more information or setting your custom configuration.

The example below shows a complete configuration of the Plugin on a specific Route:

  1. curl http://127.0.0.1:9180/apisix/admin/routes/1 \
  2. -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
  3. {
  4.     "plugins":{
  5.         "elasticsearch-logger":{
  6.             "endpoint_addr":"http://127.0.0.1:9200",
  7.             "field":{
  8.                 "index":"services"
  9.             }
  10.         }
  11.     },
  12.     "upstream":{
  13.         "type":"roundrobin",
  14.             "127.0.0.1:1980":1
  15.         }
  17.     "uri":"/elasticsearch.do"
  18. }'

Example usage

Once you have configured the Route to use the Plugin, when you make a request to APISIX, it will be logged in your Elasticsearch server:

  1. curl -i http://127.0.0.1:9080/elasticsearch.do\?q\=hello
  2. HTTP/1.1 200 OK
  3. ...
  4. hello, world

You should be able to get the log from elasticsearch:

You can also set the format of the logs by configuring the Plugin metadata. The following configurations are available:

NameTypeRequiredDefaultDescription
log_formatobjectFalse{“host”: “$host”, “@timestamp”: “$time_iso8601”, “client_ip”: “$remote_addr”}Log format declared as key value pairs in JSON format. Values only support strings. or Nginx variables can be used by prefixing the string with $.
IMPORTANT

Configuring the Plugin metadata is global in scope. This means that it will take effect on all Routes and Services which use the elasticsearch-logger Plugin.

  1. curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/elasticsearch-logger \
  2. -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
  3. {
  4.     "log_format": {
  5.         "host": "$host",
  6.         "@timestamp": "$time_iso8601",
  7.         "client_ip": "$remote_addr"
  8.     }
  9. }'

With this configuration, your logs would be formatted as shown below:

  1. {"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}
  2. {"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}

make a request to APISIX again:

You should be able to get this log from elasticsearch:

  1. curl -X GET "http://127.0.0.1:9200/services/_search" | jq .
  2. {
  3.   "took": 0,
  5.     "total": {
  6.       "value": 1,
  7.       "relation": "eq"
  8.     },
  9.     "max_score": 1,
  10.     "hits": [
  11.       {
  12.         "_index": "services",
  13.         "_type": "_doc",
  14.         "_id": "NVqExYIBRmRqWkmH4WwG",
  15.         "_score": 1,
  16.         "_source": {
  17.           "@timestamp": "2022-08-22T20:26:31+08:00",
  18.           "client_ip": "127.0.0.1",
  19.           "host": "127.0.0.1",
  20.           "route_id": "1"
  21.         }
  22.       }
  23.     ]
  24.   }
  25. }
  1. curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/elasticsearch-logger \

Disable Plugin

To disable the Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.