5 What is Logstash?
Logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use. You can think of it as an event pipeline, divided into three parts: inputs, outputs and filters. It is written in JRuby, a Java implementation of Ruby. Easy to deploy: a single JAR file, it can be started directly from the command line (no Tomcat is needed). Depending on the configuration file, a Logstash agent can act in different roles: Shipper, Indexer, Broker, Searching/Storage, Web interface.

6 Logstash functions
Shipper: sends the collected events to another Logstash instance or to other software.
Broker and Indexer: receives and indexes the events.
Search and Storage: searches and stores the events.
Web Interface: different options available: native one, based on Elasticsearch.

7 Logstash architecture
The system we are testing now uses Logstash only to ship and index the events. The broker, search/storage and web interface parts are replaced with other open source software.

8 Logstash configuration
The configuration file is mainly composed of two blocks, one called input and the other called output. A third block, which is optional, is called filter.
Filters: how you can manipulate events in Logstash.
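
A configuration file with the input, filter and output blocks, written for an agent in the shipper role. This is an added example, not part of the original slides; the log path, the field names and the use of Redis as the receiving broker are assumptions.

```logstash
# Example shipper configuration (added for illustration).
# Assumptions: the host writes authentication events to /var/log/auth.log
# and a Redis instance on 127.0.0.1 acts as the broker.

input {
  # Tail the authentication log and label every event with a type
  file {
    path => "/var/log/auth.log"
    type => "auth"
  }
}

filter {
  if [type] == "auth" {
    # Split the syslog line into named fields
    # (timestamp, logsource, program, pid, msg are names chosen here)
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:logsource} %{DATA:program}(?:\[%{POSINT:pid}\])?: %{GREEDYDATA:msg}" }
    }
    # Use the time written in the log line as the event time,
    # so events delayed in transit keep their original ordering
    date {
      match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  # Ship each event to the broker; an indexer reads from the same list
  redis {
    host      => "127.0.0.1"
    data_type => "list"
    key       => "logstash"
  }
}
```

Lines that the grok pattern cannot parse are not dropped: they are shipped with the `_grokparsefailure` tag, which makes unexpected log formats easy to find downstream.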