Logstash is a log aggregator and a component of the Elastic (ELK) stack. It actively ingests logs from various sources as they are serialized, transforms them, and then re-serializes them to a different storage system.
The official documentation is here.
Input sources
Native sources
- Logstash can read files, as if by tailing them.
- It can also monitor the Unix system log (syslog).
- It can subscribe to Redis pub-sub channels.
- It can consume Elastic’s native health check service, Elastic Beats.
Plugins
In addition to these native sources, Logstash has plugins for all the sources of data you’d expect, such as:
- AWS Cloudwatch
- Change data capture
- Various other message brokers (Kafka, Kinesis, Pub/Sub, etc.)
Interestingly, there is no official support for Google Cloud Logging. For this, you’d set up GCL to route logs to Pub/Sub and consume from there.
The list of officially supported plugins is here.
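The Cloud Logging route described above, written out as a Logstash pipeline. This is an added example, not from the original page; it assumes the `google_pubsub` input plugin is installed and that a Cloud Logging sink already publishes to the topic. The project, topic, subscription, key path and Elasticsearch host are placeholders.

```logstash
# Added example: Cloud Logging -> Pub/Sub -> Logstash -> Elasticsearch.
# All names, paths and hosts below are placeholders.
input {
  google_pubsub {
    project_id    => "example-project"            # placeholder GCP project
    topic         => "logging-export"             # topic the Cloud Logging sink writes to
    subscription  => "logstash-pull"              # pull subscription Logstash reads from
    # Service account key; grant it only the Pub/Sub Subscriber role on this
    # subscription, and keep the file readable by the logstash user only.
    json_key_file => "/etc/logstash/gcp-subscriber.json"
    max_messages  => 100                          # messages fetched per pull request
    codec         => "json"                       # the sink publishes each LogEntry as JSON
  }
}

filter {
  # Use the LogEntry's own event time rather than the time Logstash saw it.
  # If parsing fails, the event is tagged _dateparsefailure and keeps its
  # ingestion-time @timestamp.
  date {
    match => ["timestamp", "ISO8601"]
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch.example.internal:9200"]  # placeholder host
    index => "gcp-logs-%{+YYYY.MM.dd}"                        # one index per day
  }
}
```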
Output sinks
The native and intended destination for Logstash output is Elasticsearch. It also natively supports Graphite, StatsD, and file output. As with inputs, there are also a bunch of officially supported plugins.
The list of officially supported output plugins is here.