Send logs from Elastic Bulk API
Axiom is a log management platform that offers an Elasticsearch Bulk API emulation to facilitate migration from Elasticsearch or integration with tools that support the Elasticsearch Bulk API.
Using the Elastic Bulk API and Axiom in your application provides a robust way to store and manage logs.
Note: The Elasticsearch Bulk API expects the timestamp to be formatted as @timestamp, not _time. For example:
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2024-01-07T12:00:00Z", "message": "axiom elastic bulk", "severity": "INFO"}Send logs to Axiom using the Elasticsearch Bulk API and Go
To send logs to Axiom using the Elasticsearch Bulk API and Go, use the net/http package to create and send the HTTP request.
Prepare your data
The data needs to be formatted as per the Bulk API's requirements. Here's a simple example of how to prepare your data:
data :=
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2023-06-06T12:00:00Z", "message": "axiom elastic bulk", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2023-06-06T12:00:01Z", "message": "axiom elastic bulk api", "severity": "ERROR"}Send data to Axiom
Obtain an Axiom API token for the Authorization header, and dataset.
package main
import (
"bytes"
"fmt"
"io/ioutil"
"log"
"net/http"
)
func main() {
data := []byte(`{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2023-06-06T12:00:00Z", "message": "axiom elastic bulk", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2023-06-06T12:00:01Z", "message": "axiom elastic bulk api", "severity": "ERROR"}
`)
// Create a new request using http
req, err := http.NewRequest("POST", "https://api.axiom.co:443/v1/datasets/$DATASET/elastic/_bulk", bytes.NewBuffer(data))
if err != nil {
log.Fatalf("Error creating request: %v", err)
}
// Add authorization header to the request
req.Header.Add("Authorization", "Bearer $API_TOKEN")
req.Header.Add("Content-Type", "application/x-ndjson")
// Send request using http.Client
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
log.Fatalf("Error on response: %v", err)
}
defer resp.Body.Close()
// Read and print the response body
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatalf("Error reading response body: %v", err)
}
fmt.Printf("Response status: %s\nResponse body: %s\n", resp.Status, string(body))
}Send logs to Axiom using the Elasticsearch Bulk API and Python
To send logs to Axiom using the Elasticsearch Bulk API and Python, use the built-in requests library.
Prepare your data
The data sent needs to be formatted as per the Bulk API's requirements. Here's a simple example of how to prepare the data:
data = """
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2023-06-06T12:00:00Z", "message": "Log message 1", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2023-06-06T12:00:01Z", "message": "Log message 2", "severity": "ERROR"}
"""Send data to Axiom
Obtain an Axiom API token for the Authorization header, and dataset.
import requests
import json
data = """
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2024-01-07T12:00:00Z", "message": "axiom elastic bulk", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2024-01-07T12:00:01Z", "message": "Log message 2", "severity": "ERROR"}
"""
# Replace these with your actual dataset name and API token
dataset = "$DATASET"
api_token = "$API_TOKEN"
# The URL for the bulk API
url = f'https://api.axiom.co:443/v1/datasets/{dataset}/elastic/_bulk'
try:
response = requests.post(
url,
data=data,
headers={
'Content-Type': 'application/x-ndjson',
'Authorization': f'Bearer {api_token}'
}
)
response.raise_for_status()
except requests.HTTPError as http_err:
print(f'HTTP error occurred: {http_err}')
print('Response:', response.text)
except Exception as err:
print(f'Other error occurred: {err}')
else:
print('Success!')
try:
print(response.json())
except json.JSONDecodeError:
print(response.text)Send logs to Axiom using the Elasticsearch Bulk API and JavaScript
Use the axios library in JavaScript to send logs to Axiom using the Elasticsearch Bulk API.
Prepare your data
The data sent needs to be formatted as per the Bulk API's requirements. Here's a simple example of how to prepare the data:
let data = `
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2023-06-06T12:00:00Z", "message": "Log message 1", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2023-06-06T12:00:01Z", "message": "Log message 2", "severity": "ERROR"}
`;Send data to Axiom
Obtain an Axiom API token for the Authorization header, and dataset.
const axios = require('axios');
// Axiom elastic API URL
const AxiomApiUrl = 'https://api.axiom.co:443/v1/datasets/$DATASET/elastic/_bulk';
// Your Axiom API token
const AxiomToken = '$API_TOKEN';
// The logs data retrieved from Elasticsearch
const logs = [
{"index": {"_index": "myindex", "_id": "1"}},
{"@timestamp": "2023-06-06T12:00:00Z", "message": "axiom logging", "severity": "INFO"},
{"index": {"_index": "myindex", "_id": "2"}},
{"@timestamp": "2023-06-06T12:00:01Z", "message": "axiom log data", "severity": "ERROR"}
];
// Convert the logs to a single string with newline separators
const data = logs.map(log => JSON.stringify(log)).join('\n') + '\n';
axios.post(AxiomApiUrl, data, {
headers: {
'Content-Type': 'application/x-ndjson',
'Authorization': `Bearer ${AxiomToken}`
}
})
.then((response) => {
console.log('Response Status:', response.status);
console.log('Response Data:', response.data);
})
.catch((error) => {
console.error('Error:', error.response ? error.response.data : error.message);
});Send logs to Axiom using the Elasticsearch Bulk API and PHP
To send logs from PHP to Axiom using the Elasticseach Bulk API, make sure you have installed the necessary PHP libraries: Guzzle for making HTTP requests and JsonMachine for handling newline-delimited JSON data.
Prepare your data
The data sent needs to be formatted as per the Bulk API's requirements. Here's a simple example of how to prepare the data:
$data = <<<EOD
{"index": {"_index": "myindex", "_id": "1"}}
{"@timestamp": "2023-06-06T12:00:00Z", "message": "Log message 1", "severity": "INFO"}
{"index": {"_index": "myindex", "_id": "2"}}
{"@timestamp": "2023-06-06T12:00:01Z", "message": "Log message 2", "severity": "ERROR"}
EOD;Send data to Axiom
<?php
require 'vendor/autoload.php';
use GuzzleHttp\Client;
$client = new Client([
'base_uri' => 'https://api.axiom.co:443/v1/datasets/$DATASET/elastic/_bulk', // Update with your Axiom host
'timeout' => 2.0,
]);
// Your Axiom API token
$AxiomToken = '$API_TOKEN';
// The logs data retrieved from Elasticsearch
// Note: Replace this with your actual code to retrieve logs from Elasticsearch
$logs = [
["@timestamp" => "2023-06-06T12:00:00Z", "message" => "axiom logger", "severity" => "INFO"],
["@timestamp" => "2023-06-06T12:00:01Z", "message" => "axiom logging elasticsearch", "severity" => "ERROR"]
];
$events = array_map(function ($log) {
return [
'@timestamp' => $log['@timestamp'],
'attributes' => $log
];
}, $logs);
// Create the payload for Axiom
$payload = [
'tags' => [
'source' => 'myapplication',
'host' => 'myhost'
],
'events' => $events
];
try {
$response = $client->post('', [
'headers' => [
'Authorization' => 'Bearer ' . $AxiomToken,
'Content-Type' => 'application/x-ndjson',
],
'json' => $payload,
]);
// handle response here
$statusCode = $response->getStatusCode();
$content = $response->getBody();
echo "Status code: $statusCode \nContent: $content";
} catch (\Exception $e) {
// handle exception here
echo "Error: " . $e->getMessage();
}