Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash."
Logstash 7.8 introduces support for authenticating to Elasticsearch with API keys, proxies for monitoring and management, and new JDKs and OS.
Data is often scattered or siloed across many systems in many formats. Logstash supports a variety of inputs that pull in events from a multitude of common sources, all at the same time. Easily ingest from your logs, metrics, web applications, data stores, and various AWS services, all in continuous, streaming fashion.
As data travels from source to store, Logstash filters parse each event, identify named fields to build structure, and transform them to converge on a common format for more powerful analysis and business value.
Logstash dynamically transforms and prepares your data regardless of format or complexity:
- Derive structure from unstructured data with grok
- Decipher geo coordinates from IP addresses
- Anonymize PII data, exclude sensitive fields completely
- Ease overall processing, independent of the data source, format, or schema.
While Elasticsearch is our go-to output that opens up a world of search and analytics possibilities, it’s not the only one available.
Logstash has a variety of outputs that let you route data where you want, giving you the flexibility to unlock a slew of downstream use cases.
Logstash has a pluggable framework featuring over 200 plugins. Mix, match, and orchestrate different inputs, filters, and outputs to work in pipeline harmony.
Ingesting from a custom application? Don’t see a plugin you need? Logstash plugins are easy to build. We’ve got a fantastic API for plugin development and a plugin generator to help you start and share your creations.
Plug & Play
Logstash modules orchestrate a turnkey ingest-to-visualize experience with popular data sources like ArcSight and NetFlow. With the power to instantly deploy ingestion pipelines and sophisticated dashboards, your data exploration starts in minutes.
If Logstash nodes happen to fail, Logstash guarantees at-least-once delivery for your in-flight events with its persistent queue. Events that are not successfully processed can be shunted to a dead letter queue for introspection and replay. With the ability to absorb throughput, Logstash scales through ingestion spikes without having to use an external queueing layer. Plus, we’ve made it possible for you to fully secure your ingest pipelines.
Logstash pipelines are often multipurpose and can become sophisticated, making a strong understanding of pipeline performance, availability, and bottlenecks invaluable. With monitoring and pipeline viewer features, you can easily observe and study an active Logstash node or full deployment.
We're here to help at every phase — from technical migration assistance to analyst training directly from Elastic experts.
Management & Orchestration
Take the helm of your Logstash deployments with the Pipeline Management UI, which makes orchestrating and managing your pipelines a breeze. The management controls also integrate seamlessly with the built-in security features to prevent any unintended rewiring.