- Logstash Reference: other versions:
- Logstash Introduction
- Getting Started with Logstash
- How Logstash Works
- Setting Up and Running Logstash
- Logstash Directory Layout
- Logstash Configuration Files
- logstash.yml
- Secrets keystore for secure settings
- Running Logstash from the Command Line
- Running Logstash as a Service on Debian or RPM
- Running Logstash on Docker
- Configuring Logstash for Docker
- Running Logstash on Windows
- Logging
- Shutting Down Logstash
- Installing X-Pack
- Setting Up X-Pack
- Breaking Changes
- Upgrading Logstash
- Configuring Logstash
- Structure of a Config File
- Accessing Event Data and Fields in the Configuration
- Using Environment Variables in the Configuration
- Logstash Configuration Examples
- Multiple Pipelines
- Pipeline-to-Pipeline Communication (Beta)
- Reloading the Config File
- Managing Multiline Events
- Glob Pattern Support
- Converting Ingest Node Pipelines
- Logstash-to-Logstash Communication
- Centralized Pipeline Management
- X-Pack monitoring
- X-Pack security
- X-Pack Settings
- Managing Logstash
- Working with Logstash Modules
- Working with Filebeat Modules
- Data Resiliency
- Transforming Data
- Deploying and Scaling Logstash
- Performance Tuning
- Monitoring Logstash
- Monitoring APIs
- Working with plugins
- Input plugins
- beats
- cloudwatch
- couchdb_changes
- dead_letter_queue
- elasticsearch
- exec
- file
- ganglia
- gelf
- generator
- github
- google_pubsub
- graphite
- heartbeat
- http
- http_poller
- imap
- irc
- jdbc
- jms
- jmx
- kafka
- kinesis
- log4j
- lumberjack
- meetup
- pipe
- puppet_facter
- rabbitmq
- redis
- relp
- rss
- s3
- salesforce
- snmptrap
- sqlite
- sqs
- stdin
- stomp
- syslog
- tcp
- udp
- unix
- varnishlog
- websocket
- wmi
- xmpp
- Output plugins
- boundary
- circonus
- cloudwatch
- csv
- datadog
- datadog_metrics
- elasticsearch
- exec
- file
- ganglia
- gelf
- google_bigquery
- graphite
- graphtastic
- http
- influxdb
- irc
- juggernaut
- kafka
- librato
- loggly
- lumberjack
- metriccatcher
- mongodb
- nagios
- nagios_nsca
- opentsdb
- pagerduty
- pipe
- rabbitmq
- redis
- redmine
- riak
- riemann
- s3
- sns
- solr_http
- sqs
- statsd
- stdout
- stomp
- syslog
- tcp
- timber
- udp
- webhdfs
- websocket
- xmpp
- zabbix
- Filter plugins
- aggregate
- alter
- cidr
- cipher
- clone
- csv
- date
- de_dot
- dissect
- dns
- drop
- elapsed
- elasticsearch
- environment
- extractnumbers
- fingerprint
- geoip
- grok
- i18n
- jdbc_static
- jdbc_streaming
- json
- json_encode
- kv
- metricize
- metrics
- mutate
- prune
- range
- ruby
- sleep
- split
- syslog_pri
- throttle
- tld
- translate
- truncate
- urldecode
- useragent
- uuid
- xml
- Codec plugins
- Contributing to Logstash
- How to write a Logstash input plugin
- How to write a Logstash input plugin
- How to write a Logstash codec plugin
- How to write a Logstash filter plugin
- Contributing a Patch to a Logstash Plugin
- Logstash Plugins Community Maintainer Guide
- Submitting your plugin to RubyGems.org and the logstash-plugins repository
- Glossary of Terms
- Release Notes
- Logstash 6.3.2 Release Notes
- Logstash 6.3.1 Release Notes
- Logstash 6.3.0 Release Notes
- Logstash 6.2.4 Release Notes
- Logstash 6.2.3 Release Notes
- Logstash 6.2.2 Release Notes
- Logstash 6.2.1 Release Notes
- Logstash 6.2.0 Release Notes
- Logstash 6.1.3 Release Notes
- Logstash 6.1.2 Release Notes
- Logstash 6.1.1 Release Notes
- Logstash 6.1.0 Release Notes
Logstash Directory Layout
editLogstash Directory Layout
editThis section describes the default directory structure that is created when you unpack the Logstash installation packages.
Directory Layout of .zip
and .tar.gz
Archives
editThe .zip
and .tar.gz
packages are entirely self-contained. All files and
directories are, by default, contained within the home directory — the directory
created when unpacking the archive.
This is very convenient because you don’t have to create any directories to start using Logstash, and uninstalling Logstash is as easy as removing the home directory. However, it is advisable to change the default locations of the config and the logs directories so that you do not delete important data later on.
Type | Description | Default Location | Setting |
---|---|---|---|
home |
Home directory of the Logstash installation. |
|
|
bin |
Binary scripts, including |
|
|
settings |
Configuration files, including |
|
|
logs |
Log files |
|
|
plugins |
Local, non Ruby-Gem plugin files. Each plugin is contained in a subdirectory. Recommended for development only. |
|
|
data |
Data files used by logstash and its plugins for any persistence needs. |
|
|
Directory Layout of Debian and RPM Packages
editThe Debian package and the RPM package each place config files, logs, and the settings files in the appropriate locations for the system:
Type | Description | Default Location | Setting |
---|---|---|---|
home |
Home directory of the Logstash installation. |
|
|
bin |
Binary scripts including |
|
|
settings |
Configuration files, including |
|
|
conf |
Logstash pipeline configuration files |
|
|
logs |
Log files |
|
|
plugins |
Local, non Ruby-Gem plugin files. Each plugin is contained in a subdirectory. Recommended for development only. |
|
|
data |
Data files used by logstash and its plugins for any persistence needs. |
|
|
Directory Layout of Docker Images
editThe Docker images are created from the .tar.gz
packages, and follow a
similar directory layout.
Type | Description | Default Location | Setting |
---|---|---|---|
home |
Home directory of the Logstash installation. |
|
|
bin |
Binary scripts, including |
|
|
settings |
Configuration files, including |
|
|
conf |
Logstash pipeline configuration files |
|
|
plugins |
Local, non Ruby-Gem plugin files. Each plugin is contained in a subdirectory. Recommended for development only. |
|
|
data |
Data files used by logstash and its plugins for any persistence needs. |
|
|
Logstash Docker containers do not create log files by default. They log to standard output.
On this page