Logstash is a data processing engine for collecting, transforming, and sending data. It is part of the Elastic Stack, which includes Elasticsearch, Kibana, and Beats. To install Logstash, you must first configure the Elastic repository. This repository provides access to the Logstash RPM package for installation via yum or dnf.
Logstash depends on Java to run, specifically the Java Runtime Environment (JRE). However, the installation process does not automatically include JRE as a dependency. You must manually install JRE to ensure Logstash functions correctly on your system.
After installing both Java and Logstash, you can configure it to run as a service. This enables automatic startup during system boot. Configuration settings can be adjusted in the Logstash configuration file to suit your specific data processing needs.
Steps to install Logstash on CentOS, RHEL, or Fedora:
- Launch terminal.
- Download and install the public signing key for the Elastic repository.
$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
- Add the Elastic repository for yum or dnf.
$ sudo tee /etc/yum.repos.d/elasticsearch.repo <<EOF [elasticsearch-7.x] name=Elasticsearch repository for 7.x packages baseurl=https://artifacts.elastic.co/packages/7.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md EOF
The above step ensures that Logstash can be installed using the official Elastic repository.
- Install the Java Runtime Environment (JRE).
$ sudo dnf install --assumeyes java-11-openjdk [sudo] password for user: Last metadata expiration check: 1 day, 0:28:04 ago on Fri 30 Apr 2021 07:01:52 AM +08. Dependencies resolved. ================================================================================ Package Arch Version Repo Size ================================================================================ Installing: java-11-openjdk x86_64 1:11.0.11.0.1-0.2.ea.el8 appstream 260 k Installing dependencies: copy-jdk-configs noarch 3.7-4.el8 appstream 27 k java-11-openjdk-headless x86_64 1:11.0.11.0.1-0.2.ea.el8 appstream 39 M javapackages-filesystem noarch 5.3.0-1.module_el8.0.0+11+5b8c10bd appstream 30 k lksctp-tools x86_64 1.0.18-3.el8 baseos 100 k ttmkfdir x86_64 3.0.9-54.el8 appstream 62 k tzdata-java noarch 2021a-1.el8 appstream 192 k xorg-x11-fonts-Type1 noarch 7.5-19.el8 appstream 522 k Enabling module streams: javapackages-runtime 201801 Transaction Summary ================================================================================ Install 8 Packages Total download size: 41 M Installed size: 173 M ##### snipped - Install Logstash via dnf or yum.
$ sudo dnf install --assumeyes logstash Last metadata expiration check: 2:52:17 ago on Sat 01 May 2021 07:34:39 AM +08. Dependencies resolved. ================================================================================================= Package Architecture Version Repository Size ================================================================================================= Installing: logstash x86_64 1:7.12.1-1 elasticsearch-7.x 353 M Transaction Summary ================================================================================================= Install 1 Package Total download size: 353 M Installed size: 607 M ##### snipped
- Configure Logstash options in the configuration file.
$ sudo vi /etc/logstash/logstash.yml
- Enable Logstash to start automatically during system boot.
$ sudo systemctl enable logstash Created symlink /etc/systemd/system/multi-user.target.wants/logstash.service → /etc/systemd/system/logstash.service.
- Start the Logstash service.
$ sudo systemctl start logstash
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.