/Logstash1.2_kibana3_auto_install

Auto-install scripts for getting started with Logstash 1.2 and Kibana 3! Just run ./bootstrap

What is Logstash?

Logstash is a log indexer built on top of elasticsearch. It aggregates logs from multiple sources and allows you to query them using the Apache Lucene query parser syntax.

Logstash is built on elasticsearch, which allows your data to scale easily. If you run out of space, simply add a new elasticsearch node to your cluster.

How it works

Logstash has two parts, the indexer and the server. The indexer works on a specific datasource to collect logs and ship them to the server. Before shipping the logs you can do interesting things, such as mutate them, add tags, or disregard them altogether.

Adding tags to certain types of logs allows you to quickly retrieve them and keep track of trending information.

The server keeps logs in a redis queue until they can be drained into elasticsearch. Neither redis nor elasticsearch has to run on the same host as the server, but both are required.

The frontend

While not a direct part of the logstash project, Kibana works on top of logstash to give you visualization and monitoring tools. Kibana also gives you the flexibility to define patterns and filters and then watch the stream for these matches as they happen in real time.

[Screenshot: logstash running with varnishncsa]

Setup

The entire setup has been automated. Simply clone the project and run:

$ sudo ./bootstrap

Elasticsearch, logstash, and redis will be listening on their default ports. Kibana/nginx will be listening on port 80.
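
To see which of these listeners accept connections from other hosts, the following added example (not part of this project's scripts) filters `ss -ltn` output for the stack's ports and reports any that are bound to a non-loopback address. The port list is an assumption: 80 comes from the text above, while 9200/9300 (Elasticsearch) and 6379 (redis) are the upstream defaults; the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag listeners from this stack that are bound to a
# non-loopback address. Input is `ss -ltn` output on stdin.

# Assumed port list: 80 is from the README; 9200/9300 (Elasticsearch)
# and 6379 (redis) are the upstream default ports.
STACK_PORTS="80 6379 9200 9300"

# Constructed sample of `ss -ltn` output, used for the offline demo below.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      50     [::]:9200           [::]:*
LISTEN 0      50     [::ffff:127.0.0.1]:9300 [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Prints "<port> <bind address>" for every stack port that is listening
# on something other than loopback, sorted by port number.
find_exposed() {
    awk -v ports="$STACK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Split "addr:port" at the last colon so [::]:80 and :::80 both work.
            idx = match(local_addr, /:[0-9]+$/)
            if (idx == 0) next
            addr = substr(local_addr, 1, idx - 1)
            port = substr(local_addr, idx + 1)
            if (!(port in want)) next
            # Loopback-only listeners (IPv4, IPv4-mapped, IPv6) are skipped.
            if (addr ~ /^(\[::ffff:)?127\./ || addr == "[::1]" || addr == "::1") next
            printf "%s %s\n", port, addr
        }
    ' | sort -n
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | find_exposed
```

On the host itself, run `ss -ltn | find_exposed`; every line printed is a port that other machines can reach unless a firewall sits in front of it.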

You may want to change the default data directory for Elasticsearch.