Question 1

Logstash vs Fluentd: which is better for log aggregation?

Accepted Answer

Logstash excels in the Elastic Stack ecosystem with deep integration and extensive plugins, but is heavier on resources. Fluentd is lighter and more modular, often preferred for containerized environments. Your choice should hinge on existing infrastructure and performance needs.

Question 2

How to install Logstash from source on Ubuntu?

Accepted Answer

First, install JDK 11 or 17 and set JAVA_HOME. Then, install JRuby 9.2.x using RVM or rbenv. Clone the repo, export OSS=true for the open-source version, and run './gradlew installDevelopmentGems' and './gradlew installDefaultGems' to set up dependencies. Verify with the stdin example in the README.

Question 3

Why is Logstash slow to start up?

Accepted Answer

Logstash runs on the JVM, which has inherent slow initialization. The README acknowledges this by recommending the Drip launcher for faster subsequent starts during development, though it doesn't work with STDIN inputs.

Question 4

How to create a custom Logstash filter plugin?

Accepted Answer

Custom plugins are Ruby gems. Start by following the contributing guide in the README: create a new plugin repository under the logstash-plugins organization, write your code in Ruby, and use the provided tools to test and publish it to RubyGems.org.

Question 5

Can Logstash output to Kafka or databases?

Accepted Answer

Yes, Logstash has output plugins for Kafka, MySQL, PostgreSQL, and many others. You can install them via 'bin/logstash-plugin install' or develop custom ones, making it flexible for various destinations beyond Elasticsearch.

Question 6

How to troubleshoot Logstash pipeline errors?

Accepted Answer

Check the Logstash logs for detailed error messages, use the built-in monitoring APIs to inspect pipeline performance, and consult the Elastic documentation or forums. The README links to resources like the Logstash Forum for community support.

Logstash

What is Logstash?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions