Logstash 5.4.1 Release Notes

  • Fixed an issue on Windows where Logstash was unable to locate the default log4j2.properties file (Issue 6352).

Input Plugins


  • Fixed an issue where Logstash would incorrectly close the connection from beats due to a timeout (Issue 185).


  • This plugin now automatically reconnects on connection issues (Issue 45).

HTTP Poller:

  • Added option to specify top-level user/password options that apply to all URLs by default.
  • Added eager auth functionality. This means the client will send any credentials in its first request rather than waiting for a 401 challenge.


  • This input now rejects any non-log4j log objects sent as input.


  • Updated the underlying RabbitMQ Java lib to v3.0.0.


  • Fixed an issue where Logstash would crash when attempting to ingest a JSON file with a message attribute that was not a string (Issue 109).


  • Fixed scrolling to use JSON bodies in the requests.

Filter Plugins


  • This plugin now ignores canceled events. Previously, these events were unnecessarily processed.


  • Improved error messages that could happen during startup.


  • Fixed an issue where a subdirectory under the patterns directory could cause Logstash to crash at startup (Issue 110).
  • Added ability to define custom patterns within a grok filter by using the pattern_definitions config option.

URL Decode:

  • Fixed an issue where Logstash would crash when processing Unicode input with this filter.

Output Plugins


  • Fixed the restore_from_crash option to use the same upload options as the normal uploader (Issue 140).
  • Updated the canned_acl option to allow public-read, public-read-write and authenticated-read as possible values.


  • Updated the underlying RabbitMQ Java lib to v3.0.0.


  • Added support for customizing the sniffing path with the sniffing_path and absolute_sniffing_path config options.


  • Fixed a bug when Logstash would fail to start up when SASL_SSL and PLAIN (no Kerberos) options were specified.