A newer version is available. For the latest information, see the current release documentation.
A special field for storing content that you don’t want to include in output events. For example, the
@metadatafield is useful for creating transient fields for use in conditional statements.
- codec plugin
- A Logstash plugin that changes the data representation of an event. Codecs are essentially stream filters that can operate as part of an input or output. Codecs enable you to separate the transport of messages from the serialization process. Popular codecs include json, msgpack, and plain (text).
A control flow that executes certain actions based on whether a statement (also called a condition) is true or false. Logstash supports
else if, and
elsestatements. You can use conditional statements to apply filters and send events to a specific output based on conditions that you specify.
- A single unit of information, containing a timestamp plus additional data. An event arrives via an input, and is subsequently parsed, timestamped, and passed through the Logstash pipeline.
- An event property. For example, each event in an apache access log has properties, such as a status code (200, 404), request path ("/", "index.html"), HTTP verb (GET, POST), client IP address, and so on. Logstash uses the term "fields" to refer to these properties.
- field reference
A reference to an event field. This reference may appear in an output block or filter block in the
Logstash config file. Field references are typically wrapped in square (
) brackets, for example
[fieldname]. If you are referring to a top-level field, you can omit the
and simply use the field name. To refer to a nested field, you specify the full path to that field:
[top-level field][nested field].
- filter plugin
- A Logstash plugin that performs intermediary processing on an event. Typically, filters act upon event data after it has been ingested via inputs, by mutating, enriching, and/or modifying the data according to configuration rules. Filters are often applied conditionally depending on the characteristics of the event. Popular filter plugins include grok, mutate, drop, clone, and geoip. Filter stages are optional.
- A self-contained package of code that’s hosted on RubyGems.org. Logstash plugins are packaged as Ruby Gems. You can use the Logstash plugin manager to manage Logstash gems.
- hot thread
- A Java thread that has high CPU usage and executes for a longer than normal period of time.
- input plugin
- A Logstash plugin that reads event data from a specific source. Input plugins are the first stage in the Logstash event processing pipeline. Popular input plugins include file, syslog, redis, and beats.
- A Logstash instance that is tasked with interfacing with an Elasticsearch cluster in order to index event data.
- message broker
- Also referred to as a message buffer or message queue, a message broker is external software (such as Redis, Kafka, or RabbitMQ) that stores messages from the Logstash shipper instance as an intermediate store, waiting to be processed by the Logstash indexer instance.
- output plugin
- A Logstash plugin that writes event data to a specific destination. Outputs are the final stage in the event pipeline. Popular output plugins include elasticsearch, file, graphite, and statsd.
- A term used to describe the flow of events through the Logstash workflow. A pipeline typically consists of a series of input, filter, and output stages. Input stages get data from a source and generate events, filter stages, which are optional, modify the event data, and output stages write the data to a destination. Inputs and outputs support codecs that enable you to encode or decode the data as it enters or exits the pipeline without having to use a separate filter.
- A self-contained software package that implements one of the stages in the Logstash event processing pipeline. The list of available plugins includes input plugins, output plugins, codec plugins, and filter plugins. The plugins are implemented as Ruby gems and hosted on RubyGems.org. You define the stages of an event processing pipeline by configuring plugins.
- plugin manager
Accessed via the
bin/logstash-pluginscript, the plugin manager enables you to manage the lifecycle of plugins in your Logstash deployment. You can install, remove, and upgrade plugins by using the plugin manager Command Line Interface (CLI).
- An instance of Logstash that send events to another instance of Logstash, or some other application.
- The filter thread model used by Logstash, where each worker receives an event and applies all filters, in order, before emitting the event to the output queue. This allows scalability across CPUs because many filters are CPU intensive.
Intro to Kibana
ELK for Logs & Metrics