Logstash: Collect, Parse, Transform Logs

Centralize, Transform & Stash Your Data

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.” (Ours is Elasticsearch, naturally.)

From 0 to 60 in 60: The Logstash Primer. Watch Webinar

New The persistent queue feature goes GA in Logstash 5.4, guaranteeing at-least-once delivery for your in-flight events. Trust in your pipeline. Read More

INPUTS

Ingest Data of All Shapes, Sizes, and Sources

Data is often scattered or siloed across many systems in many formats. Logstash supports a variety of inputs that pull in events from a multitude of common sources, all at the same time. Easily ingest from your logs, metrics, web applications, data stores, and various AWS services, all in continuous, streaming fashion.

INPUTS

Ingest Data of All Shapes, Sizes, and Sources

FILTERS

Parse & Transform Your Data On the Fly

5.10.83.30

user-identifier frank

[10/Oct/2000:13:55:36 -0700]

"GET/apache_pb.gif HTTP/1.0" 200 2326

5.10.83.30 user-identifier frank

[10/Oct/2000:13:55:36 -0700]

"GET /apache_pb.gif HTTP/1.0" 200 2326

5.10.83.30 user-identifier frank

[10/Oct/2000:13:55:36 -0700]

"GET /apache_pb.gif HTTP/1.0" 200 2326

5.10.83.30 user-identifier frank

2000-10-10T13:55:36.000Z.

"GET /apache_pb.gif HTTP/1.0" 200 2326

As data travels from source to store, Logstash filters parse each event, identify named fields to build structure, and transform them to converge on a common format for easier, accelerated analysis and business value.

Logstash dynamically transforms and prepare your data regardless of format or complexity:

Derive structure from unstructured data with grok
Decipher geo coordinates from IP addresses
Anonymize PII data, exclude sensitive fields completely
Ease overall processing independent of the data source, format, or schema.

The possibilities are endless with our rich library of filters.

FILTERS

Parse & Transform Your Data On the Fly

Logstash dynamically transforms and prepare your data regardless of format or complexity:

Derive structure from unstructured data with grok
Decipher geo coordinates from IP addresses
Anonymize PII data, exclude sensitive fields completely
Ease overall processing independent of the data source, format, or schema.

The possibilities are endless with our rich library of filters.

OUTPUTS

Choose Your Stash, Transport Your Data

While Elasticsearch is our go-to output that opens up a world of search and analytics possibilities, it’s not the only one available.

Logstash has a variety of outputs that let you route data where you want, giving you the flexibility to unlock a slew of downstream use cases.

OUTPUTS

Choose Your Stash, Transport Your Data

While Elasticsearch is our go-to output that opens up a world of search and analytics possibilities, it’s not the only one available.

Logstash has a variety of outputs that let you route data where you want, giving you the flexibility to unlock a slew of downstream use cases.

EXTENSIBILITY

Create and Configure Your Pipeline, Your Way

Logstash has a pluggable framework featuring over 200 plugins. Mix, match, and orchestrate different inputs, filters, and outputs to work in pipeline harmony.

Ingesting from a custom application? Don’t see a plugin you need? Logstash plugins are easy to build. We’ve got a fantastic API for plugin development and a plugin generator to help you start and share your creations.

DURABILITY

Trust in a Pipeline Built to Deliver

If Logstash nodes happen to fail, Logstash guarantees at-least-once delivery for your in-flight events with its persistent queue. With the ability to absorb throughput, Logstash scales through ingestion spikes without having to use an external queueing layer.

MONITORING

Have Full Visibility into Your Deployments

Logstash pipelines are often multipurpose and can become sophisticated, making a strong understanding of pipeline performance, availability, and bottlenecks is invaluable. With the monitoring features in X-Pack, you can easily observe and study an active Logstash node or full deployment.

Logstash Monitoring Dashboard

SECURITY

Secure Your Pipelines, End to End

Whether you're running 10s or 1000s of Logstash instances, we’ve made it possible for you to fully secure your ingest pipelines. Incoming data from Beats along with other inputs can be encrypted over the wire, and there's full integration with secured Elasticsearch clusters.

Centralize, Transform & Stash Your Data

Ingest Data of All Shapes, Sizes, and Sources

Ingest Data of All Shapes, Sizes, and Sources

Parse & Transform Your Data On the Fly

Parse & Transform Your Data On the Fly

Choose Your Stash, Transport Your Data

Choose Your Stash, Transport Your Data

Create and Configure Your Pipeline, Your Way

Trust in a Pipeline Built to Deliver

Have Full Visibility into Your Deployments

Secure Your Pipelines, End to End

How Many Logs Can a Logstash Stash? Find Out.

Be in the know with the latest and greatest from Elastic.