Fastly will upload log messages periodically to the server in the format specified in the Elasticsearch object.

Data model

nameStringThe name of the Elasticsearch endpoint. Required.
service_idStringThe alphanumeric string identifying a service.
versionIntegerThe current version of a service.
indexStringThe name of the Elasticsearch index to send documents (logs) to. The index must follow the Elasticsearch index format rules. We support strftime interpolated variables inside braces prefixed with a pound symbol. For example, #{%F} will interpolate as YYYY-MM-DD with today's date. Required.
urlStringThe URL to stream logs to. Must use HTTPS. Required.
pipelineStringThe ID of the Elasticsearch ingest pipeline to apply pre-process transformations to before indexing. For example my_pipeline_id. Learn more about creating a pipeline in the Elasticsearch docs.
request_max_entriesIntegerMaximum number of logs to append to a batch, if non-zero. Defaults to 0 for unbounded.
request_max_bytesIntegerMaximum size of log batch, if non-zero. Defaults to 0 for unbounded.
userStringBasicAuth User.
passwordStringBasicAuth Pass.
tls_ca_certStringA secure certificate to authenticate the server with. Must be in PEM format.
tls_client_certStringThe client certificate used to make authenticated requests. Must be in PEM format.
tls_client_keyStringThe client private key used to make authenticated requests. Must be in PEM format.
tls_hostnameStringThe hostname used to verify the server's certificate. It can either be the Common Name (CN) or a Subject Alternative Name (SAN).
formatStringApache style log formatting. Your log must produce valid JSON that Elasticsearch can ingest.
format_versionIntegerThe version of the custom logging format used for the configured endpoint. Can be either 2 (the default, version 2 log format) or 1 (the version 1 log format). The logging call gets placed by default in vcl_log if format_version is set to 2 and in vcl_deliver if format_version is set to 1.
placementStringWhere in the generated VCL the logging call should be placed, overriding any format_version default. Can be none or waf_debug. This field is not required and has no default value.
response_conditionStringThe name of an existing condition in the configured endpoint, or leave blank to always execute.
created_atStringTime-stamp (GMT) when the endpoint was created.
updated_atStringTime-stamp (GMT) when the endpoint was deleted.
deleted_atStringTime-stamp (GMT) when the endpoint was deleted.


List Elasticsearch log endpoints


Get an Elasticsearch log endpoint


Create an Elasticsearch log endpoint


Update an Elasticsearch log endpoint


Delete an Elasticsearch log endpoint


User contributed notes

We welcome comments that add use cases, ideas, tips, and caveats. All comments will be moderated before publication. To post support questions, visit our support center and we'll find you the help you need.