Logstash

Server-side pipeline that ingests, transforms, and forwards data to your preferred stash.

Access Logstash:

Pipelines are run from the command line.

Run pipelines as the logstash user, not as root.

Example:

sudo -u logstash /usr/share/logstash/bin/logstash -e "input { stdin { } } output { stdout { } }"

Wait for the pipeline to start. Once running, type input and observe the processed output.

Important Directories:

  • Config: /etc/logstash
  • Data: /var/lib/logstash
  • Logs: /var/log/logstash
  • Binaries: /usr/share/logstash/bin
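
The check below is an added example, not part of the original page or of Logstash itself. It looks for entries under the data and log directories listed above that are not owned by the logstash user or that are world-writable. The function names are made up here, and the expectation that both trees belong to the logstash user is an assumption about the package layout.

```shell
#!/bin/sh
# Added example, not Logstash's own tooling. Function names are made up here.
# Assumption: the data and log trees are meant to be owned by "logstash".

# audit_tree DIR OWNER   (OWNER: user name or numeric uid)
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if DIR is missing.
audit_tree() {
  _dir=$1
  _owner=$2
  [ -d "$_dir" ] || { echo "SKIP $_dir (not a directory)"; return 2; }

  # Entries owned by another account, e.g. created by a process run as root.
  _wrong=$(find "$_dir" ! -user "$_owner")
  # Entries any local user can modify; symlink mode bits are ignored.
  _open=$(find "$_dir" ! -type l -perm -0002)

  _rc=0
  if [ -n "$_wrong" ]; then
    printf '%s\n' "$_wrong" | sed 's/^/WRONG-OWNER /'
    _rc=1
  fi
  if [ -n "$_open" ]; then
    printf '%s\n' "$_open" | sed 's/^/WORLD-WRITABLE /'
    _rc=1
  fi
  return "$_rc"
}

# Audit every directory given; non-zero if any had findings or was missing.
audit_logstash_dirs() {
  _overall=0
  for _d in "$@"; do
    audit_tree "$_d" logstash || _overall=$?
  done
  return "$_overall"
}

# Data and log paths as listed on this page. Run with enough privilege to
# read both trees, otherwise find cannot see every entry.
audit_logstash_dirs /var/lib/logstash /var/log/logstash \
  || echo "Review the lines above before starting the service."
```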

Manage Logstash Service:

Use systemctl to manage the Logstash service:

systemctl status logstash
systemctl restart logstash
systemctl stop logstash
systemctl start logstash

Application Details