The fastest way to get started with logsearch, cf-release and bosh-lite


The fastest way to deploy Logsearch in combination with Cloud Foundry onto bosh-lite.


To get started you will need a running bosh-lite. Get yours by following the instructions here

The next step is to set up this repository:

git clone
cd logsearch-boshworkspace
bundle install


The logsearch community has created some pre-built filters. They are distributed as addon repositories (such as

A rake task is provided to fetch a subset of these addon filters and update the templates/ to include the logstash filters.

rake addons:update

Currently some addons' test suites fail. If that happens, you can continue with:

rake addons:update_templates

Open issues for failing test suites for addons:

  • cf
  • website


This section includes instructions for configuration and deployment of Logsearch.

Deploy Logsearch to bosh-lite

bosh deployment logsearch-warden
bosh prepare deployment
bosh deploy

Since the deployment characteristics of Cloud Foundry on bosh-lite/warden are well known (static IPs, etc) you do not need to modify the deployments/logsearch-warden.yml file for this to work.

Deploy Logsearch to AWS VPC

Copy the logsearch-aws-vpc.yml or logsearch-aws-vpc-cf-route.yml to a new file that you will edit:

cp deployments/logsearch-aws-vpc-cf-route.yml deployments/my-logsearch.yml

Edit deployments/my-logsearch.yml with your:

  • director UUID (run bosh status --uuid and populate into director_uuid)
  • NATS host (run bosh vms --dns and populate into
  • Network subnet (populate the subnet ID into meta.zones.z1.subnet_id and update other meta.zones.z1.* fields as necessary)
  • Security group (use the same security groups being used for Cloud Foundry and populate into meta.security_groups)

bosh deployment my-logsearch
bosh prepare deployment
bosh deploy
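
A preflight check that can be run before `bosh deploy`, to catch a manifest that still carries placeholder values or targets a different director. This is an added example, not part of this repository: `preflight` and `dig_path` are hypothetical helpers, the sample manifest is constructed, and it assumes `meta.security_groups` is a YAML list. It checks only the fields named in the list above.

```ruby
require "yaml"

UUID_RE   = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
SUBNET_RE = /\Asubnet-(\h{8}|\h{17})\z/ # AWS subnet IDs: 8 or 17 hex digits

# Follow a dotted path such as "meta.zones.z1.subnet_id" through nested hashes.
def dig_path(doc, dotted)
  dotted.split(".").reduce(doc) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Hypothetical helper: returns a list of problems, empty when the manifest passes.
# expected_uuid is the output of `bosh status --uuid` for the targeted director.
def preflight(manifest_yaml, expected_uuid)
  doc = YAML.safe_load(manifest_yaml)
  doc = {} unless doc.is_a?(Hash)
  problems = []

  uuid = doc["director_uuid"].to_s
  if uuid !~ UUID_RE
    problems << "director_uuid is missing or not a UUID"
  elsif uuid.downcase != expected_uuid.to_s.strip.downcase
    problems << "director_uuid does not match the targeted director"
  end

  subnet = dig_path(doc, "meta.zones.z1.subnet_id").to_s
  problems << "meta.zones.z1.subnet_id is not an AWS subnet ID" unless subnet =~ SUBNET_RE

  # Assumption: security groups are given as a YAML list of non-empty strings.
  groups = dig_path(doc, "meta.security_groups")
  unless groups.is_a?(Array) && !groups.empty? &&
         groups.all? { |g| g.is_a?(String) && !g.strip.empty? }
    problems << "meta.security_groups must be a non-empty list"
  end
  problems
end

# Constructed sample manifest fragment (values are made up).
SAMPLE = <<~EOS
  director_uuid: 0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0
  meta:
    zones:
      z1:
        subnet_id: subnet-0a1b2c3d
    security_groups:
      - cf
EOS

puts preflight(SAMPLE, "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0").inspect
```

Against a real manifest, pass `File.read("deployments/my-logsearch.yml")` as the first argument and the output of `bosh status --uuid` as the second.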

Update Cloud Foundry with Syslog enabled

You can now re-deploy Cloud Foundry with syslog emitting to your Logsearch. This requires an addition to your Cloud Foundry deployment manifest.

First, get the IP or hostname for ingestor/0 VM:

$ bosh vms --dns
Deployment `logsearch-aws-test'

| Job/index  | State   | Resource Pool | IPs        | DNS A records                                   |
| ingestor/0 | running | common        |  | 0.ingestor.default.logsearch-aws-test.microbosh |

In the example above, use either or 0.ingestor.default.logsearch-aws-test.microbosh

Add the following to your Cloud Foundry deployment manifest (global properties as it is for all job templates):

    port: 5515
    transport: relp

Now redeploy Cloud Foundry:

$ bosh deploy

Access Kibana UI via Cloud Foundry router

Instead of logsearch-warden, use logsearch-warden-cf-route to make the Kibana UI accessible via the public CF router (logs.DOMAIN).

Play time

Now you can browse to the Kibana dashboard here
