book

The Logstash Book

Name: The Logstash Book
Author: James Turnbull
ISBN: 9780988820210

by James Turnbull

December 2013

Intermediate to advanced

262 pages

3h 5m

English

Turnbull Press

Read now

Unlock full access

The Logstash Book
Who is this book for?Credits and AcknowledgmentsTechnical ReviewersJan-Piet MensPaul StackTechnical IllustratorAuthorConventions in the bookCode and ExamplesColophonErrataTrademarksVersionCopyright
Introduction or Why Should I Bother?
Introducing Logstash and the Elastic StackLogstash design and architectureWhat's in the book?Logstash resourcesGetting help with LogstashA mild warning
Getting Started with Logstash
Installing JavaOn the Red Hat familyOn Debian & UbuntuTesting Java is installedGetting LogstashStarting LogstashOur sample configuration fileRunning the Logstash agentTesting the Logstash agentSummary
Shipping Events
Our Event LifecycleInstalling Logstash on our central serverInstalling JavaInstalling LogstashElasticsearch for searchCreating a basic central configurationRunning Logstash as a serviceAn interlude about pluginsThe Kibana ConsoleInstalling KibanaConfiguring KibanaRunning KibanaInstalling a Filebeat on our first agentInstalling the FilebeatOur agent configurationInstalling Filebeat as a serviceSending our first eventsLooking at our events in KibanaSummary
Shipping Events
Using SyslogA quick introduction to SyslogConfiguring Logstash for SyslogConfiguring Syslog on remote agentsFilebeatConfigure Filebeat on our central serverInstalling Filebeat on the remote hostConfiguring FilebeatOther log shippersLog-CourierBeaverWoodchuckOthersSummary
Filtering Events with Logstash
Apache LogsConfiguring Apache for Custom LoggingSending Apache events to LogstashPostfix LogsFilteringCollecting Postfix logsOur first filterAdding our own filtersExtracting from different eventsSetting the timestampFiltering Java application logsHandling blank lines with dropHandling multi-line log eventsGrokking our Java eventsParsing an in-house custom log formatSummary
Structured Application Logging
Application logging primerWhere should I instrument?Instrument schemasTime and the observer effectLogging patterns, or where to put your loggingThe utility patternThe external patternAdding our own structured log entriesAdding structured logging to a sample applicationStructured logging librariesWorking with your existing logsSummary
Outputting Events from Logstash
Send email alertsUpdating our multiline filterConfiguring the email outputEmail outputSend instant messagesIdentifying the event to sendSending the instant messageSend alerts to NagiosNagios check typesIdentifying the trigger eventThe nagios outputThe Nagios external commandThe Nagios serviceOutputting metricsCollecting metricsStatsDSetting the date correctlyThe StatsD outputSending to a different StatsD serverSummary
Scaling Logstash
Scaling ElasticsearchInstalling additional Elasticsearch hostsMonitoring our Elasticsearch clusterManaging Elasticsearch data retentionMore InformationScaling LogstashCreating a second indexerLoad balancingSummary
Extending Logstash
Plugin organizationAnatomy of a pluginCreating our own input pluginBuilding our pluginAdding new pluginsWriting a filterWriting an outputSummary

Overview

Updated for Logstash and ELK v5.0.0.

A book designed for SysAdmins, Operations staff, Developers and DevOps who are interested in deploying a log management solution using the open source Elasticsearch Logstash & Kibana or ELK stack.

In this book, we will walk you through installing, deploying, managing and extending Logstash. We're going to do that by introducing you to Example.com, where you're going to start a new job as one of its SysAdmins. The first project you'll be in charge of is developing its new log management solution.

We'll teach you how to:

* Install and deploy Logstash.
* Ship events from a Logstash Shipper to a central Logstash server.
* Filter incoming events using a variety of techniques.
* Add structured logging to your applications and parse your application logs.
* Output those events to a selection of useful destinations.
* Use Logstash's awesome web interface Kibana.
* Scale out your Logstash implementation as your environment grows.
* Quickly and easily extend Logstash to deliver the additional functionality you might need.

By the end of the book, you should have a functional and effective log management solution that you can deploy into your own environment.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780988820210

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills