4. What is LogStash?
Definition
Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to a specified output.
5. What is LogStash?
Definition
Jordan Sissel created the first version of LogStash in 2013, when he frequently found himself in the thick of aggregating and managing log files.
Logstash continued to grow with the other components of the ELK stack and is now part of a comprehensive platform for log data and analysis, providing companies with valuable insights into how their customers interact with support systems, e-commerce sites and so on.
6. What is LogStash?
Importance of LogStash
Open source data collection engine
Centralize data processing of all types
Normalized varying schema for business critical data
Support for multiple and custom formats
Extensibility via plugins
9. Core Features
What Can LogStash Do?
Data ingestion workhorse
Events enrichment and transformation
Extensible plugin ecosystem
It is highly available, scalable and elastic in nature.
Pluggable pipeline architecture
Horizontally scalable data processing pipeline
Strong Elasticsearch and Kibana synergy
Handles data of all shapes and sizes
12. Key Components and Terminology
What Constitutes LogStash?
INPUTS
FILTERS
OUTPUTS
13. Key Components and Terminology
What Constitutes LogStash?
INPUTS
Specify the source of events
LogStash can handle a variety of sources
Most common ones are:
Logs
Network
Web
Data stores and streams
Sensors and IoT
14. Key Components and Terminology
What Constitutes LogStash?
FILTERS
Responsible for parsing the incoming events
May enrich the events
Most common ones are:
grok
mutate
drop
15. Key Components and Terminology
What Constitutes LogStash?
OUTPUTS
Final stage of the pipeline
Sends the enriched output to a specified destination
LogStash can handle a variety of destinations
ElasticSearch
AWS S3 buckets
Files
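
The three stages described above (inputs, filters, outputs) in one pipeline file, as an added example that is not part of the original slides. The log path, Elasticsearch host, index name, field names and the `/healthz` path are assumptions chosen for illustration; events that grok cannot parse are written to a file for review instead of being lost.

```conf
# Added example (constructed). Sample line this pipeline is written for:
#   203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 401 512

input {
  file {
    path => "/var/log/nginx/access.log"   # assumed log location
    start_position => "beginning"         # read existing content on first run
  }
}

filter {
  # grok: parse the raw line into named fields (field names are our choice)
  grok {
    match => {
      "message" => '%{IPORHOST:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{NOTSPACE:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} (?:%{NUMBER:bytes}|-)'
    }
  }

  # Only normalize events that parsed; failures carry the _grokparsefailure tag
  if "_grokparsefailure" not in [tags] {
    # mutate: fix types and casing, remove fields we do not need
    mutate {
      convert      => { "status" => "integer" "bytes" => "integer" }
      uppercase    => ["method"]
      remove_field => ["ident", "auth"]
    }

    # drop: discard load-balancer health checks (assumed path)
    if [request] == "/healthz" {
      drop { }
    }
  }
}

output {
  if "_grokparsefailure" in [tags] {
    # Keep unparsed lines on disk so parsing gaps are visible
    file { path => "/var/log/logstash/unparsed-%{+YYYY-MM-dd}.log" }
  } else {
    elasticsearch {
      hosts => ["https://localhost:9200"]   # assumed cluster address
      index => "weblogs-%{+YYYY.MM.dd}"     # assumed daily index name
    }
  }
}
```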