logstash.asciidoc

Logstash module

The {modulename} module parse logstash regular logs and the slow log, it will support the plain text format and the JSON format (--log.format json). The default is the plain text format.

../include/what-happens.asciidoc

The {modulename} module has two filesets:

• The log fileset collects and parses the logs that Logstash writes to disk.

• The slowlog fileset parses the logstash slowlog.

For the slowlog fileset, make sure to configure the {logstash-ref}/logging.html#_slowlog[Logstash slowlog option].

Compatibility

The Logstash log fileset was tested with logs from Logstash 5.6 and 6.0.

The Logstash slowlog fileset was tested with logs from Logstash 5.6 and 6.0

../include/running-modules.asciidoc

Example dashboards

This module comes with two sample dashboards.

../include/configuring-intro.asciidoc

The following example shows how to set paths in the modules.d/{modulename}.yml file to override the default paths for Logstash logs and set the format to json

- module: logstash
  log:
    enabled: true
    var.paths: ["/path/to/log/logstash.log*"]
    var.format: json
  slowlog:
    enabled: true
    var.paths: ["/path/to/log/logstash-slowlog.log*"]
    var.format: json

To specify the same settings at the command line, you use:

-M "logstash.log.var.paths=[/path/to/log/logstash/logstash-server.log*]" -M "logstash.slowlog.var.paths=[/path/to/log/logstash/logstash-slowlog.log*]"

../include/config-option-intro.asciidoc

log fileset settings

../include/var-paths.asciidoc

var.format

The configured Logstash log format. Possible values are: json or plain. The default is plain.

slowlog fileset settings

../include/var-paths.asciidoc

var.format

The configured Logstash log format. Possible values are: json or plain. The default is plain.

Fields

For a description of each field in the module, see the exported fields section.