Logstash information

I am really struggling to understand the documentation, and as such cannot work out what I need to do to get logstash to work.

So Logstash arrives as a zip (is there an MSI?)
But nothing is configured. The documentation doesn't really say much about each configuration option, so are any actually required? Surely some must need setting.
I cannot find where to configure the Elasticsearch destination in the configuration. I have found something that suggests this goes into the config that defines the metric, surely not?

How do I get Logstash to run as a service so that the metric I am capturing gets captured at the defined interval?

Apologies, but I am completely lost and have no idea what to do, or where to go to work it out, and am spending far too long trying to google snippets of information.

Logstash works on a simple concept of defining a number of pipelines, each with an input, a filter, and an output. The input can be a simple listener that just waits for events to be thrown at it from another service like Filebeat, or it can generate its own events, depending on which input plugin you use.
Logstash is the Swiss Army knife of the Elastic Stack.

It can run as a service, or as a standalone executable.
From the command line you can usually run logstash like this:

logstash.exe -f sample.conf

A basic logstash configuration file looks like this:

sample.conf

input {
  # define an input source such as filebeat/metricbeat/etc., or any number of input plugins
  # https://www.elastic.co/guide/en/logstash/current/input-plugins.html
  beats {
    ...
  }
}

filter {
  # define any number of enhancement filters such as mutating data, doing a dictionary
  # lookup based on an input value, etc. This section is optional
  # https://www.elastic.co/guide/en/logstash/current/filter-plugins.html
}

output {
  # define any number of outputs that receive events after all the filters are done,
  # such as elasticsearch, influxdb, file, stdout, etc.
  # https://www.elastic.co/guide/en/logstash/current/output-plugins.html
  elasticsearch {
    ...
  }
}
  

As data comes in through the input, it is enhanced by the filter and then finally sent out via the output.
There are a ton of videos on YouTube about Logstash, and that's a good place to start.
This one seemed to explain things pretty well: Elasticsearch Tutorial | Elastic Stack Tutorial | ELK Stack | Kibana, Logstash & Elasticsearch - YouTube
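A complete pipeline file for the WMI-polling case the question describes, as an added example rather than code from the post above. It assumes the WMI input plugin has been installed with bin\logstash-plugin install logstash-input-wmi (it is not bundled), that Elasticsearch listens on the hypothetical host https://es.example.internal:9200 behind TLS, and that the keystore entries ES_USER and ES_PWD exist. The Elasticsearch destination lives in the output section, not in the input that defines the metric; the polling interval lives on the input.

```conf
# sample.conf - added example pipeline, not from the original post.
# Assumptions: logstash-input-wmi is installed; the Elasticsearch host name,
# index name, certificate path and keystore entries below are placeholders.

input {
  # Poll WMI every 30 seconds; each row the query returns becomes one event.
  wmi {
    query    => "select Name, ProcessId, ExecutablePath from Win32_Process"
    interval => 30
  }
}

filter {
  # Optional enrichment: label every event with the pipeline that produced it.
  mutate {
    add_field => { "[labels][pipeline]" => "wmi-processes" }
  }
}

output {
  # The Elasticsearch destination is configured here, in the output section.
  # Credentials come from the Logstash keystore (or environment variables)
  # via ${VAR} references, so they are not written into this file in clear text.
  # cacert pins the CA that signed the Elasticsearch certificate; with it set,
  # certificate verification stays on and a spoofed endpoint is rejected.
  elasticsearch {
    hosts    => ["https://es.example.internal:9200"]
    index    => "wmi-processes-%{+YYYY.MM.dd}"
    user     => "${ES_USER}"
    password => "${ES_PWD}"
    ssl      => true
    cacert   => "C:/logstash/config/certs/ca.crt"
  }
  # Keep a console output while developing so events are visible before indexing.
  stdout { codec => rubydebug }
}
```

Add the secrets once with bin\logstash-keystore.bat add ES_USER and bin\logstash-keystore.bat add ES_PWD, then check the file parses before running it for real with bin\logstash.bat -f sample.conf --config.test_and_exit; a typo in the config is reported there rather than at the first event.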

thanks.

So the only thing I want from Logstash is the WMI plugin. It seems that this is not 'bundled' and you have to install it (Wmi input plugin | Logstash Reference [7.15] | Elastic). Running the command I get

"Using bundled JDK: ""
Exception in thread "main" java.lang.UnsupportedClassVersionError: org/jruby/Main : Unsupported major.minor version 52.0

Is this saying that there wasn't a bundled JDK, it couldn't find a bundled JDK, or the bundled JDK wasn't a valid version?

I believe Java is at or around v 15, so not sure what 52.0 actually means.

I cannot address how

set JAVA="%LS_HOME%\jdk\bin\java.exe"
echo "Using bundled JDK: %JAVA%""

could ever result in "Using bundled JDK: "", but

52.0 refers to Java 8 -- the class file it is trying to run was compiled with Java 8.
