Moving from Elastic Stack

If you are an existing user of the Elastic Stack with either Filebeat or Logstash, this is the page for you.

Humio® offers a complete replacement for the Elasticsearch bulk API, so switching your existing Filebeat or Logstash configurations over to Humio is very easy.

Setting up Humio

First, you will need to have access to a repository in Humio.

The quickest way to get started using Humio is to create an account in Humio Cloud, where you’ll get a personal sandbox repository for free.

Alternatively, you may choose to run our Docker image on your own infrastructure.

Beats

Since you are running Elasticsearch, you are likely already familiar with the Beats platform. Your existing Beats configuration most likely contains this (or equivalent):

output.elasticsearch:
  hosts: ["elasticsearch:9200"]

To make all beats point to Humio, change the output.elasticsearch section to:

output.elasticsearch:
  hosts: ["https://<HOST>:443/api/v1/ingest/elastic-bulk"]
  username: <INGEST_TOKEN>

Replace <HOST> with the hostname of your Humio cluster. For Humio Cloud, use cloud.humio.com.

Make sure the port is set to 443. Beats’ default port is 9200.

<REPOSITORY_NAME> is the repository in which you wish to store your data. For example, set this to sandbox if you want to use your personal repository on Humio Cloud.

Finally, <INGEST_TOKEN> should be replaced with an Ingest Token for the repository. If your repository is empty, a dialog on the search page will contain your default ingest token.

If you cannot find it there, you can always go to the Settings for your repository and create a new Ingest Token from there.
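As an added example (not part of Humio's documentation or tooling), the Python check below reads a Beats configuration and reports the mistakes the steps above warn about: a host that is not an https:// URL, a missing port (Beats would then use 9200), a wrong ingest path, or a placeholder left unreplaced. The function name and the sample configurations are constructed for illustration, and the check assumes the one-line hosts list form shown above.

```python
import re
from urllib.parse import urlsplit

BULK_PATH = "/api/v1/ingest/elastic-bulk"  # ingest path given on this page

def check_humio_output(config_text):
    """Return a list of problems in a Beats output.elasticsearch section.

    Hypothetical helper: assumes the one-line `hosts: ["..."]` form shown above.
    """
    problems = []
    m = re.search(r"^\s*hosts:\s*\[(.*?)\]", config_text, re.M)
    hosts = re.findall(r'"([^"]+)"', m.group(1)) if m else []
    if not hosts:
        problems.append("no hosts entry found")
    for host in hosts:
        if "<" in host:
            problems.append(f"{host}: placeholder not replaced")
        elif not host.startswith("https://"):
            problems.append(f"{host}: not an https:// URL")
        else:
            url = urlsplit(host)
            if url.port is None:
                problems.append(f"{host}: no port, Beats would use 9200")
            elif url.port != 443:
                problems.append(f"{host}: port {url.port}, expected 443")
            if url.path != BULK_PATH:
                problems.append(f"{host}: path is not {BULK_PATH}")
    user = re.search(r"^\s*username:\s*(\S+)", config_text, re.M)
    if not user:
        problems.append("username (ingest token) is missing")
    elif "<" in user.group(1):
        problems.append("username still holds the <INGEST_TOKEN> placeholder")
    return problems

# Constructed sample configurations (the token value is a made-up stand-in).
OLD = 'output.elasticsearch:\n  hosts: ["elasticsearch:9200"]\n'
NO_PORT = ('output.elasticsearch:\n'
           '  hosts: ["https://cloud.humio.com/api/v1/ingest/elastic-bulk"]\n'
           '  username: example-ingest-token\n')
GOOD = NO_PORT.replace("humio.com/", "humio.com:443/")

if __name__ == "__main__":
    for name, cfg in (("old", OLD), ("no port", NO_PORT), ("good", GOOD)):
        print(name, check_humio_output(cfg) or "ok")
```

Running the check before restarting a Beat catches a token that would otherwise be sent to the wrong port or over plain HTTP.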

For more information about Beats data shippers, please take a look at Humio & Elastic Beats.