Logstash 7.8.0 released

We are happy to announce the general availability of the Logstash 7.8.0 release. This is the latest stable release and is now available for download. Please refer to the release notes for the complete list of bug fixes and features.

Authenticate to Elasticsearch with API Keys

As an enabler for many use cases across the Elastic Stack, Logstash integrates with Elasticsearch in various ways, and security remains top of mind for both Elastic and the broader community. Alongside other existing authentication options, we have introduced API key authentication for Elasticsearch with Logstash 7.8.0. API keys are secret tokens managed by Elasticsearch and Kibana that can be used as credentials for machine-to-machine authentication and authorization. It offers a flexible way to restrict Elasticsearch permissions for products like Logstash depending on the client’s responsibilities and use cases. For instance, the Logstash Elasticsearch output only needs write access. Users can therefore authenticate with an API key that only allows for writes to Elasticsearch, while reads and other actions would be prohibited.

With the 7.8.0 release, users can authenticate directly into Elasticsearch with API keys in the Elasticsearch output plugin. This requires creating an API key in Elasticsearch and specifying it in the new api_key option. Wire encryption (SSL/TLS) must also be enabled. Additionally, the usage of API keys is available in the Elasticsearch input (v4.7.0 and above) and Elasticsearch filter (v3.8.0 and above) plugins with a plugin update:

bin/logstash-plugin update logstash-input-elasticsearch

bin/logstash-plugin update logstash-filter-elasticsearch

For information around creating and managing API keys, please consult the Logstash security documentation.

Proxy support for management and monitoring

There are a myriad of ways Logstash ingests data into the Elastic Stack, and sometimes our users may deploy Logstash in a way where it may not be able to communicate directly with Elasticsearch or even reach out to the internet as a whole. Although there has been proxy support available in plugins like the Elasticsearch output, we have now added proxy support for Logstash monitoring and central management in the 7.8.0 release. The proxy URLs can be configured in the logstash.yml with the xpack.monitoring.elasticsearch.proxy and settings. 

Azure module deprecation

The Logstash Azure module has been deprecated in Logstash 7.8.0 and we plan to remove it completely in a future major release. For Azure users interested in monitoring their deployments with the Elastic Stack, we recommend checking out the Filebeat Azure module and Metricbeat Azure module. These newer modules provide comprehensive visibility into your Azure infrastructure and services, while complying with the Elastic Common Schema (ECS) for more seamless correlation with the many other data sources that may reside together in your Elastic Stack deployment.

Platform and Java Virtual Machine (JVM) support continues to grow

Logstash runs on many different operating platforms alongside various flavors of the Java Development Kit (JDK). We’ve recently been expanding this coverage, and Logstash 7.8.0 continues to trek down this important path. In this release, we’re proud to announce that Logstash has introduced support for running on CentOS/RHEL 8.x and Ubuntu 20.04. Additionally, we’ve added new JDK support for Zulu 11, AdoptOpenJDK 11, and Oracle/OpenJDK/AdoptOpenJDK 14.

Try it yourself!

Please download Logstash 7.8.0, try it, and let us know what you think on Twitter (@elastic) or in our forums and community Slack. You can report any bugs or feature requests on the Logstash Github issues page or within the respective plugin repositories.