LogStash Info

Logstash is a tool for managing events and logs.

LogStash provides an integrated framework for log collection, centralization, parsing, storage and search.

LogStash has a wide variety of input mechanisms: it can take inputs from TCP/UDP, files, Syslog, Microsoft Windows EventLogs, STDIN, log4j and a variety of other sources.


LogStash design and architecture


LogStash is written in JRuby and runs in a Java Virtual Machine (JVM).

Its architecture is message-based and very simple.

Rather than separate agents or servers, LogStash has a single agent that is configured to perform different functions in combination with other open source components.


In the LogStash ecosystem there are four components:

• Shipper: Sends events to LogStash. Your remote agents will generally only run this component.

• Broker and Indexer: Receives and indexes the events.

• Search and Storage: Allows you to search and store events.

• Web Interface: A Web-based interface to LogStash.


LogStash servers run one or more of these components independently, which allows us to separate components and scale LogStash. As a result there's likely in the environment that you can't extract logs from and send them to LogStash.