Logstash 8.3.0 Release Notes
An event serialization bug was discovered, which causes an issue when trying to read dead letter or persistent queues created in previous versions of Logstash.
We recommend not upgrading to Logstash 8.3.0 if you are using dead letter or persistent queues.
- Logstash is more efficient at fetching pipelines as of 8.3.0. When a Logstash instance sends its pipeline IDs to Elasticsearch or central pipeline management in Kibana, it gets back only the pipeline configs that belong to that instance. These enhancements required changes to both Logstash (#14076) and Elasticsearch (#85847). These improvements dramatically decrease network load while also giving users the ability to control pipelines dynamically using wildcards.
- Dead Letter Queues can now be configured to drop older events instead of new ones when they’re full. The setting "dead_letter_queue.storage_policy" has been introduced for this purpose, and new metrics - such as a counter for dropped events - are now exposed in the API to better monitor the DLQ behavior. #13923 #14058
- To improve security of Logstash deployments, 8.3.0 brings a new setting "allow_superuser" that defaults to false. When enabled it prevents Logstash from starting as super user ("root"). This setting will be enabled by default in the future. Consider explicitly enabling it. Otherwise a deprecation log entry will be emitted. #14046 #14089
- Continuing with the focus on security, we’ve introduced "api.auth.basic.password_policy.mode" to ensure the password used to guard Logstash’s HTTP API has a minimum set of strength requirements. By default a warning will be emitted if the defined password doesn’t meet the criteria, but in a future release the mode will be set to "ERROR". #14045 #14105 #14159
- Elasticsearch introduced "security on by default" back in 8.0.0, with TLS enabled by default in its HTTP and transport layers. To facilitate connecting to 8.x clusters, Elasticsearch displays the fingerprint of the Certificate Authority it generates on startup. This release of Logstash introduces support for setting "ca_trusted_fingerprint" in the Elasticsearch input, filter and output plugins. #14120
- Technical Preview: Receiving events containing keys with characters that have special meaning to Logstash, such as "[" and "]" (for field references), has always caused issues for data ingestion. A new setting in Technical Preview, disabled by default, called "config.field_reference.escape_style" was introduced to handle such special characters by escaping them. #14044
- Don’t display values of password type settings in conditionals #13997
- Introduce a retry mechanism in pipeline-to-pipeline instead of crashing #14027
- Add thread safety around Puma startup/shutdown #14080
- Add value converters for java.time classes #13972
- Correct the class reference to the MetricNotFound exception #13970
- Fix a possible corruption of Persistent Queue during a crash of the Logstash process #14165
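
For the "ca_trusted_fingerprint" item above, an added example (not Logstash or Elasticsearch code) that finds which certificate in a PEM bundle a given fingerprint refers to. It assumes the fingerprint is the hex SHA-256 digest of the certificate's DER bytes; all function names are hypothetical and the sample bytes are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_to_der_blocks(pem_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(pem_text)]


def sha256_fingerprint(der):
    """Lowercase hex SHA-256 over the DER encoding (assumed fingerprint form)."""
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(value):
    """Accept 'AA:BB:..' (openssl style) or plain hex; return lowercase hex."""
    cleaned = value.strip().replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint: expected 64 hex digits")
    return cleaned


def find_trusted(pem_text, configured):
    """Index of the bundle entry matching the configured fingerprint, or -1."""
    wanted = normalize_fingerprint(configured)
    for index, der in enumerate(pem_to_der_blocks(pem_text)):
        if sha256_fingerprint(der) == wanted:
            return index
    return -1


def make_pem(der):
    """Wrap bytes in PEM armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


# Constructed stand-ins for DER bytes; these are not real certificates.
SAMPLE_A = b"constructed placeholder for CA certificate A" * 4
SAMPLE_B = b"constructed placeholder for CA certificate B" * 4
SAMPLE_BUNDLE = make_pem(SAMPLE_A) + "\n" + make_pem(SAMPLE_B) + "\n"
```

Running `find_trusted` against the CA file you intend to pin, with the fingerprint copied from the Elasticsearch startup output, confirms the two refer to the same certificate before the value goes into a pipeline config.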
Avro Codec - 3.4.0
- Add "encoding" option to select the encoding of Avro payload, could be "binary" or "base64" #39
Elasticsearch Filter - 3.12.0
- Add support for "ca_trusted_fingerprint" when run on Logstash 8.3+ #158
Fingerprint Filter - 3.4.0
- Add support for 128bit murmur variant #66.
Azure_event_hubs Input - 1.4.4
- Fix: Replace use of block with lambda to fix wrong number of arguments error on jruby-9.3.4.0 #75
Beats Input - 6.4.0
- Feat: review and deprecate ssl protocol/cipher settings #450
Elasticsearch Input - 4.14.0
Http Input - 3.6.0
- Feat: review and deprecate ssl protocol/cipher related settings #151
Jms Input - 3.2.2
- Fix: Remove usage of "java_kind_of?" to allow this plugin to be supported for versions of Logstash using jruby-9.3.x #54
S3 Input - 3.8.4
- Refactoring, reuse code to manage "additional_settings" from mixin-aws #237
Sqs Input - 3.3.2
- Fix an issue that prevented timely shutdown when subscribed to an inactive queue
- Refactoring: used logstash-mixin-aws to leverage shared code to manage "additional_settings" #64
Tcp Input - 6.3.0
- Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites #198
Jdbc Integration - 5.3.0
Kafka Integration - 10.12.0
Aws Mixin - 5.1.0
- Add support for additional_settings configuration options used by S3 and SQS input plugins #53.
- Drop support for aws-sdk-v1
Elasticsearch Output - 11.6.0
S3 Output - 4.3.7
Tcp Output - 6.1.0
- Feat: add support for TLS v1.3 #47
- Fix: close server and client sockets on plugin close