How to use Logstash monitoring API?


I have multiple Logstash instances and it will be fine if I can see their status in a Kibana dashboard. I got to know about Logstash monitoring API here but I dont know how to use it / how to work with it. I entered GET /_node/pipeline in Kibana Dev Tools > Console, but it returned;

  "error": {
    "root_cause": [
        "type": "illegal_argument_exception",
        "reason": "No endpoint or operation is available at [pipeline]"
    "type": "illegal_argument_exception",
    "reason": "No endpoint or operation is available at [pipeline]"
  "status": 400

How can I monitor Logstash instances (whether they are up or not), and display it in a Kibana dashboard?

Thank you.

With the release of Elastic Stack 5.2, X-Pack Monitoring now supports monitoring Logstash as well as Elasticsearch and Kibana. This is available through the free Basic X-Pack license.

@Christian_Dahlqvist Will this show my each Logstash instance separately, or a combined one?

I believe there are separate screens for overview and instance level information.

1 Like

Could you tell me if this is possible without X-Pack? I got to know that Logstash has a monitoring API but I don't know how to use it :pensive: could you help me with it?

The monitoring data is available through an HTTP end-point described in the documentation, so if you have something poll this at a regular interval, perform any transformation that is required and index it into Elasticsearch, you should be able to build Kibana dashboards around it. I have however not used the API, so will not really be able to help with the details. Is there any reason you can not use X-Pack with the free basic license?

@Christian_Dahlqvist I am using X-Pack with basic license, but its GA 5.0.0.

When I tried GET /_node/pipeline in Kibana console, it returned no end point error. Is it possible to use this with GA 5.0.0?

Monitoring of Logstash in X-Pack was introduced in version 5.2. There has been a number of bug fixes and enhancements since 5.0, so I would recommend you upgrade.

The Kibana console queries the Elasticsearch cluster only for security reasons, so you can not use Console to query the HTTP end point on Logstash.

Ok @Christian_Dahlqvist .. I can upgrade, but takes time I think.

I have entered curl -XGET "http://localhost:9200/_node/pipeline" in my Linux console, but it returned;

{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"No endpoint or operation is available at [pipeline]"}],"type":"illegal_argument_exception","reason":"No endpoint or operation is available at [pipeline]"},"status":400}

Why is this happening?

The API is available on the Logstash process, not Elasticsearch, and therefore uses port 9600 by default, not 9200.

Thank you so much @Christian_Dahlqvist :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.