Event streaming is only available in Pangolin Cloud or self-hosted Enterprise Edition.
Overview
An HTTP destination sends POST requests to your endpoint. Configure:- Settings: Name, URL, and authentication.
- Headers: Optional static headers on every request.
- Body: Default JSON shape or a custom body template, plus payload format (how batches are packaged).
- Logs: Which log types are forwarded.
{ event, timestamp, data } object per log record.
Configure the connection
On the Settings tab, set a display name, the endpoint URL, and authentication:
Authentication and headers
On the Headers tab, add optional static headers sent with every request, for example a vendor-specific API key or a non-defaultContent-Type. When you do not override it, Pangolin sends Content-Type: application/json (or application/x-ndjson when using the NDJSON payload format).

Default payload (template off)
When custom body template is disabled, each log event is serialized as:
The field set inside
data depends on the log type. The same destination can stream multiple types; batches may contain heterogeneous data shapes. See Log type reference below and the dedicated log docs for full field lists.
Custom body template
On the Body tab, enable Custom body template and provide a JSON template string. Pangolin performs simple placeholder substitution, not a full templating language like Handlebars.
Template variables
Only these three placeholders are supported:
Canonical example (equivalent to the default payload):
{{data}} value are preserved from the log row.
Rules and constraints
- Simple substitution only: No conditionals, loops, filters, or expressions.
- No field paths: Placeholders like
{{data.orgId}},{{orgId}}, or{{ip}}do not work. To use a single field, read it from the fulldataobject on the receiver or transform after ingest. - Quote
{{data}}correctly:"field": {{data}}is valid;"field": "{{data}}"stringifies the object incorrectly and produces invalid or useless JSON. - One template per destination: The same template applies to every log type enabled on that destination. You cannot define different templates per log type on one HTTP destination.
- String escaping:
{{event}}and{{timestamp}}are JSON-escaped for safe use inside quoted strings. - Invalid JSON: Pangolin does not validate templates at save time. If the rendered body is not valid JSON, delivery may still occur but your receiver may reject it. Validate templates with a JSON linter before saving.
- Not available on other destination types: Body templates apply to HTTP streaming only, not S3 or Datadog destinations.
Payload format
Payload format is separate from the body template. The template defines the shape of one event; payload format controls how many events are sent per HTTP request.
The template is applied once per event, then results are batched into an array, joined as NDJSON lines, or sent individually, depending on the format you select.
Choose NDJSON for aggregators that expect newline-delimited ingest (Splunk HEC, Elastic/OpenSearch bulk-style HTTP inputs, Loki). Choose one event per request when the endpoint cannot accept batches.
Log type reference
Thedata object in each streamed event is the full stored log row. Field sets differ by log type. See the documentation for that log type under Logs & Analytics for the complete data shape.
Integration examples
Generic webhook (default shape, JSON array)
Leave custom body template disabled. Select JSON array payload format. Point the destination at your webhook URL with bearer or custom-header auth. Each batch POST body looks like:Log aggregator (NDJSON, minimal template)
Enable a custom template and select NDJSON:Vendor schema remapping
If a tool expects your log row under a specific key, wrap{{data}} without quotes:
Limitations and troubleshooting
- Field selection: Cannot pick individual columns in the template. Use full
{{data}}or transform after delivery. - Mixed log types: Enabling multiple log types on one destination produces heterogeneous
datain the same batch. Enable one type per destination if your pipeline expects a uniform schema. - Historical logs: New destinations do not backfill. Only events recorded after the destination is created are streamed.
- Delivery errors: Check the destination’s last error in the dashboard. Common causes: wrong URL, auth failure, TLS issues, or receiver rejecting malformed JSON.
- Quoting
{{data}}:"payload": "{{data}}"treats the entire row as a string, which is almost always wrong. Use"payload": {{data}}. - Splunk field extraction: Pangolin does not emit Splunk-style indexed fields in the template. Parse
dataor use a receiver-side pipeline.

