Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
logstash - logs/event transport, processing, management, search.
Ruby Shell
Failed to load latest commit information.
acceptance_spec Update package acceptance tests
bin add an rspec shim to complement the old bin/logstash rspec way of run…
bot Warm welcome to bot,may it serves you well
ci plugins/bundler refactor
docs Fix typo of tail unix command
lib remove setup! and add :clean to uninstall
locales add the concept of a jar manager to load jars within plugins
patterns removes the patterns from patterns dir
pkg adapt the file to the use case proposed LS_JAVA_OPTS add to de…
rakelib remove unwanted files in package
spec Do not return an empty metadata key hash when calling to_hash_with_me…
tools plugins/bundler refactor
.gitignore Update package acceptance tests
.tailor - add .tailor config
CHANGELOG Added changes for RC3 releases Reference github issues now.
CONTRIBUTORS ElasticSearch output plugin to support multiple hosts and enhance sta…
Gemfile Create a logstash-core gem and made the necessary adoptions to logsta…
Gemfile.jruby-1.9.lock Remove dependencies on jruby-httpclient
LICENSE update to elastic brand
Makefile Refactor build tooling to use Ruby Add JAVA_HOME as an extra step for windows
Rakefile Exposing the rake vendor:clean method to the help message - clean up style guide a bit
dripmain.rb refactored all gem/bundler code into logstash/bundler.rb and moved pa…
logstash-core.gemspec add the concept of a jar manager to load jars within plugins
logstash-event.gemspec fix logstash-event.gemspec for jruby and mri
logstash.gemspec update to elastic brand
require-analyze.rb - hacky script to analyze the DEBUG=require csv output grouped by

Logstash Code Climate Coverage Status

Logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). If you store them in Elasticsearch, you can view and analyze them with Kibana.

It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

For more info, see

Logstash Plugins

AKA "Where'd that plugin go??"

Since version 1.5.0 beta1 (and current master) of Logstash, all plugins have been separated into their own repositories under the logstash-plugins github organization. Each plugin is now a self-contained Ruby gem which gets published to Logstash has added plugin infrastructure to easily maintain the lifecyle of the plugin. For more details and rationale behind these changes, see our blogpost.

Elasticsearch logstash-contrib repo is deprecated. We have moved all of the plugins that existed there into their own repositories. We are migrating all of the pull requests and issues from logstash-contrib to the new repositories.

For more info on developing and testing these plugins, please see the README on any plugin repository.

Plugin Issues and Pull Requests

We are migrating all of the existing pull requests to their respective repositories. Rest assured, we will maintain all of the git history for these requests.

Please open new issues and pull requests for plugins under its own repository

For example, if you have to report an issue/enhancement for the Elasticsearch output, please do so here.

Logstash core will continue to exist under this repository and all related issues and pull requests can be submitted here.

Need Help?

Need help? Try #logstash on freenode irc or the mailing list.

You can also find documentation on the site.


To get started, you'll need ruby version 1.9.x or above and it should come with the rake tool.

Windows only Please set the JAVA_HOME path to your JDK installation directory. For example set JAVA_HOME=<JDK_PATH>

Here's how to get started with Logstash development:

rake test:install-core

Other commands:

# to use Logstash gems or libraries in irb, use the following
# this gets you an 'irb' shell with Logstash's environment
bin/logstash irb

# Run Logstash
bin/logstash agent [options]

Notes about using other rubies. If you don't use rvm, you can probably skip this paragraph. Logstash works with other rubies, and if you wish to use your own ruby you must set USE_RUBY=1 in your environment.

Drip Launcher

Drip is a launcher for the Java Virtual Machine that provides much faster startup times than the java command. The drip script is intended to be a drop-in replacement for the java command, only faster. We recommend using drip during development.

To tell Logstash to use drip, either set the USE_DRIP=1 environment variable or set JAVACMD=`which drip`.


Unlike nailgun, drip does not reuse the same JVM. So once your app quits, drip will launch another JVM. This means that if you try to re-run Logstash right after it exited, you might still have a startup delay


There are a few ways to run the tests. For development, using bin/logstash rspec <some spec> will suffice, however you need to run bin/plugin install --development beforehand so you've all development dependencies installed.

If everything goes as expected you will see an output like:

% bin/logstash rspec spec/core/timestamp_spec.rb
Using Accessor#strict_set for spec
13 examples, 0 failures
Randomized with seed 8026

If you want to run all the tests from source, keep in mind to run rake test:install-core beforehand, you can do:

rake test


Building is not required. You are highly recommended to download the releases we provide from the Logstash site!

Note Before you build the artifacts, you need to run:

rake artifact:freeze-defaults-gemfile 

If you want to build the release tarball yourself, run:

rake artifact:tar

You can build rpms and debs, if you need those. Building rpms requires you have fpm, then do this:

# Build an RPM
rake artifact:rpm

# Build a Debian/Ubuntu package
rake artifact:deb

Project Principles

  • Community: If a newbie has a bad time, it's a bug.
  • Software: Make it work, then make it right, then make it fast.
  • Technology: If it doesn't do a thing today, we can make it do it tomorrow.


All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.

Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.

It is more important to me that you are able to contribute.

For more information about contributing, see the CONTRIBUTING file.

Something went wrong with that request. Please try again.