Welcome back to The Logstash Lines! In these weekly posts, we'll share the latest happenings in the world of Logstash and its ecosystem.
This week, we have a couple of interesting blog posts to share from the Logstash community:
- Tin Le from LinkedIn writes about how he uses Logstash to monitor Postfix logs: https://www.linkedin.com/pulse/monitoring-postfix-logs-elk-tin-le
- David Vassallo writes about how he setup Logstash to build a generic logging forensics platform that could consume logs from a variety of log sources: http://blog.davidvassallo.me/2015/04/21/building-a-logging-forensics-platform-using-elk-elasticsearch-logstash-kibana/
Logstash Core and Plugins
- File input plugin: A user reported that Logstash crashed when new files were added to a directory being followed. We fixed this, added tests, and released a plugin which can be used to update the existing LS deployment.
- Performance improvements: String interpolation is widely used in Logstash configuration files to create keys by combining dynamic values from extracted fields. For example, it is used to create the Elasticsearch index name from the timestamp of an event. We have added a caching mechanism where we compile string interpolation templates on first use and then reuse them in subsequent uses. We have observed a good performance gain in configurations that do a lot of date processing and use field reference syntax (e.g. [apache][status]).
- The work done on offline plugin installation is very close to being merged. The 180+ comments on the pull request provide some measure of the importance of this feature!
- HTTP output plugin: Improved security by adding TLSv1.1 support and exposed more options (enable/disable certificate verification) for configuring SSL.
- Expect 1.5.2 being released within the coming week or two. This will include, amongst other things, the the File input plugin fix and the offline plugin installation feature.
That's this week in The Logstash Lines. Come back next week for more Logstash news!