In this article I will cover installation of the Logstash 5.0 in Linux and basic configuration apart from it I will cover validation of Logstash configuration. How Can we start and stop Logstash and verifying that everything is running properly
Let’s start with What is Logstash?
What is Logstash? Logstash is a data collection engine with real-time pipelining capabilities. You can use Logstash to collect your logs, parse them into your desirable format and store them for searching or monitoring for your application. Logstash latest version has more capabilities other than manage event and logs. Logstash has more than 200 plugins available including flexibility to create your own plugin. These Logstash plugin now facilitates Analysis, Archiving, Monitoring and Alerting features.
Prerequisites:
Logstash requires Java 8. Java 9 is not supported . You can use Official Oracle Distribution or an open-source distribution such as OpenJDK.
Install Logstash 5.0 on RHEL / CentOS 6 and above version through Package Repository
Install the apt-transport-https package on Debian before installation.
sudo apt-get install apt-transport-https
Save the repository definition to /etc/apt/sources.list.d/elastic-5.x.list:
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main"| sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
Update the apt-get package
sudo apt-get update
Now your repository is ready for use. You can install apt-get like this
sudo apt-get install logstash
Create a Basic Logstash Configuration
You can create basic logstash configuration in your project directory as well and pass this conf file using -f option. I have create this conf in /home/prod/logstash/logstash-simple.conf. logstash-simple.conf
How to install Logstash in Linuxhttp://techieroop.com/how-to-install-logstash-in-linux/http://techieroop.com/wp-content/uploads/2016/01/How-to-Install-Logstash-in-Linux.pnghttp://techieroop.com/wp-content/uploads/2016/01/How-to-Install-Logstash-in-Linux-150x150.pngRoopendraDevOPSLogstashELK,logging,Logstash
Install Logstash 5.0 in Linux
In this article I will cover installation of the Logstash 5.0 in Linux and basic configuration apart from it I will cover validation of Logstash configuration. How Can we start and stop Logstash and verifying that everything is running properlyLet's start with What is Logstash?What...
<h3>Install Logstash 5.0 in Linux</h3>
In this article I will cover installation of the <strong>Logstash</strong> 5.0 in Linux and basic configuration apart from it I will cover validation of <strong>Logstash</strong> configuration. How Can we start and stop Logstash and verifying that everything is running properlyLet's start with What is Logstash?<strong>What is Logstash?</strong>
<strong>Logstash</strong> is a data collection engine with real-time pipelining capabilities. You can use Logstash to collect your logs, parse them into your desirable format and store them for searching or monitoring for your application. Logstash latest version has more capabilities other than manage event and logs. Logstash has more than 200 plugins available including flexibility to create your own plugin. These Logstash plugin now facilitates <em><strong>Analysis, Archiving, Monitoring </strong></em>and <em><strong>Alerting</strong></em> features.<strong>Prerequisites:</strong>Logstash requires Java 8. Java 9 is not supported . You can use <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">Official Oracle Distribution</a> or an open-source distribution such as <a class="ulink" href="http://openjdk.java.net/" target="_top">OpenJDK</a>.
<h3>Install Logstash 5.0 on RHEL / CentOS 6 and above version through Package Repository</h3>
Install Public Signing Key
<pre>rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch</pre>
Add logstash.repo in /etc/yum.repos.d/
<pre class="programlisting prettyprint lang-sh prettyprinted"><span class="pun">[</span><span class="pln">logstash</span><span class="pun">-</span><span class="lit">5.x</span><span class="pun">]</span><span class="pln">
name</span><span class="pun">=</span><span class="typ">Elastic</span><span class="pln"> repository </span><span class="kwd">for</span> <span class="lit">5.x</span><span class="pln"> packages
baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">://</span><span class="pln">artifacts</span><span class="pun">.</span><span class="pln">elastic</span><span class="pun">.</span><span class="pln">co</span><span class="pun">/</span><span class="pln">packages</span><span class="pun">/</span><span class="lit">5.x</span><span class="pun">/</span><span class="pln">yum
gpgcheck</span><span class="pun">=</span><span class="lit">1</span><span class="pln">
gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">://</span><span class="pln">artifacts</span><span class="pun">.</span><span class="pln">elastic</span><span class="pun">.</span><span class="pln">co</span><span class="pun">/</span><span class="pln">GPG</span><span class="pun">-</span><span class="pln">KEY</span><span class="pun">-</span><span class="pln">elasticsearch
enabled</span><span class="pun">=</span><span class="lit">1</span><span class="pln">
autorefresh</span><span class="pun">=</span><span class="lit">1</span><span class="pln">
type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span></pre>
Now logstash will be available for installation using yum.
<pre>yum install logstash</pre>
<h3>Install Logstash on Ubuntu</h3>
Download and install the Public Signing Key:
<div class="pre_wrapper">
<div class="pre_wrapper">
<pre class="programlisting prettyprint lang-sh prettyprinted"><span class="pln">wget </span><span class="pun">-</span><span class="pln">qO </span><span class="pun">-</span><span class="pln"> https</span><span class="pun">://</span><span class="pln">artifacts</span><span class="pun">.</span><span class="pln">elastic</span><span class="pun">.</span><span class="pln">co</span><span class="pun">/</span><span class="pln">GPG</span><span class="pun">-</span><span class="pln">KEY</span><span class="pun">-</span><span class="pln">elasticsearch </span><span class="pun">|</span><span class="pln"> sudo apt</span><span class="pun">-</span><span class="pln">key add </span><span class="pun">-</span></pre>
</div>
</div>
Install the <code class="literal">apt-transport-https</code> package on Debian before installation.
<pre class="programlisting prettyprint lang-sh prettyprinted"><span class="pln">sudo apt</span><span class="pun">-</span><span class="pln">get install apt</span><span class="pun">-</span><span class="pln">transport</span><span class="pun">-</span><span class="pln">https</span></pre>
Save the repository definition to <code class="literal">/etc/apt/sources.list.d/elastic-5.x.list</code>:
<div class="pre_wrapper">
<div class="pre_wrapper">
<pre class="programlisting prettyprint lang-sh prettyprinted"><span class="pln">echo </span><span class="str">"deb https://artifacts.elastic.co/packages/5.x/apt stable main"</span> <span class="pun">|</span><span class="pln"> sudo tee </span><span class="pun">-</span><span class="pln">a </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">apt</span><span class="pun">/</span><span class="pln">sources</span><span class="pun">.</span><span class="pln">list</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">elastic</span><span class="pun">-</span><span class="lit">5.x</span><span class="pun">.</span><span class="pln">list</span></pre>
</div>
</div>
Update the apt-get package
<pre>sudo apt-get update</pre>
Now your repository is ready for use. You can install apt-get like this
<pre>sudo apt-get install logstash</pre>
<h4>Create a Basic Logstash Configuration</h4>
You can create basic logstash configuration in your project directory as well and pass this conf file using -f option. I have create this conf in /<strong>home/prod/logstash/logstash-simple.conf</strong>.
<strong>logstash-simple.conf</strong>
<pre>input { stdin { } }
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}</pre>
Validate logstash conf file from<em> -config-test</em>. This option has been added on <em>logstash-2.1</em>.<strong>Config test on Centos 6</strong>
<pre>/opt/logstash/bin/logstash --configtest -f /home/prod/logstash/logstash-jdbc.conf</pre>
<strong>Start Logstash</strong>
<pre>sudo service logstash start</pre>
Roopendrahttps://plus.google.com/+TechieroopendraRoopendraVishwakarmaroopendramca@gmail.comAdministratorI'm Roopendra Vishwakarma, a DevOps Engineer and Blogger from India. I have experience in DevOps, Web Development and various Open Source Technology. I mostly write about latest technology, getting started tutorial and tricks and tips.TechieRoop
I'm Roopendra Vishwakarma, a DevOps Engineer and Blogger from India. I have experience in DevOps, Web Development and various Open Source Technology. I mostly write about latest technology, getting started tutorial and tricks and tips.