The Logstash Lines — Deep dive into grok, install plugins offline, and more!

Welcome back to The Logstash Lines! In these weekly posts, we'll share the latest happenings in the world of Logstash and its ecosystem.

This week, gain a deeper understanding of how to use the ever-popular grok filter plugin from Greg Medford. Here's his presentation on the topic from the just-concluded Monitorama conference in Portland:


Logstash Core and Plugins

  • We are continuing to solicit your feedback on our design for the JDBC/SQL input plugin. This frequently-requested plugin could potentially replace the deprecated JDBC river. We want to hear from you and consolidate existing community efforts around this plugin. So please chime in — we welcome, encourage, and very much appreciate all your comments on this design proposal!
  • Logstash 1.5.1, with several minor bug fixes to the 1.5.0 release, came out last week.
  • Made good progress on a solution to install plugins offline. This is a popular feature request from users who want to install plugins on machines with outbound Internet connections deliberately disabled for security purposes.
  • Updated AWS-based plugins to v2 of their Ruby SDK. This would update plugins such as the S3 input plugin, the S3 output plugin, the SQS input plugin, and the SNS output plugin, to name a few.
  • Kicked off a project to improve our documentation, including adding new sections such as "Deploying Logstash in production".
  • Added validation and a warning message when users update plugins to their newer major versions.
  • Testing and reviewing a PR that correctly handles backpressure in the Lumberjack input plugin. We provided a workaround for this in 1.5.0, but this is a better way to handle a deluge of incoming connections and avoiding OOM errors.

That's this week in The Logstash Lines. Come back next week for more Logstash news!