The Logstash Book
What's in the book?
Sign up for updates
Versions and Errata
Mail errata and issues
To download new versions:
If you bought directly from this site use your existing download link. If you need a new email link please email me.
If you bought from Amazon or another online vendor please contact their support and request an updated download.
v5.0.1 - xxx
Typo fixed thanks to Pär Björklund
v5.0.0a - 11/5/2016
Alpha release of v5.0.0 rewrite.
Added structured logging chapter.
Rewrote filtering chapter.
Rewrote installation sections.
Rewrote scaling sections.
Removed Redis as a broker.
v2.4.1 - 10/25/2016
Typos fixed thanks to Jan Hacker.
v2.4.0 - 9/16/2016
Updated to 2.4.0.
v2.3.1 - 5/6/2016
Updated to 2.3.2.
Updated bin/logstash-plugin command.
v2.2.2 - 3/21/2016
Added permissions explanation to Chapter 3.
Updated to 2.2.2.
Updated Kibana installation for packages.
v2.1.1 - 1/30/2016
Several errata fixes thanks to Torsten Luettgert
Typo fixed thanks to Radko Dinev
Updated Kibana configuration
Thanks for Alex Ivanov for finding some 1.5 references
Updated installation instruction in places
v2.1.0 - 12/9/2015
Updated for Logstash 2.1
Updated scaling and cluster configuration.
Added Filebeat to Shippers chapter.
Updated the Getting Started chapter for 2.1.0.
Fixed two bugs thanks to Jeff Schmidt
v2.0.0 - 10/29/2015
Updated for Logstash 2.0
Typo fixed thanks to Graham Williamson
Lots of cookbook et al links updated thanks to Adrian Moisey.
Link to command line flags fixed thanks to Douglas Donahue
v1.5.3 - 8/2/2015
Added links to configuration management modules and Docker images for installation.
Fixed numerous errata thanks to Jan-Jaap Oosterwijk.
Fixed title thanks to Félix Barbeira.
Fixed patterns link thanks to Juan-Luis de Sousa-Valadas Castaño.
Updated versions and logstash-forwarder installation and configuration.
v1.5.1 - 5/21/2015
Fixed plugins to plugin thanks to Félix Barbeira.
v1.5.0 - 5/19/2015
Updated for Logstash v1.5.0.
Updated to Kibana 4.x.
Updated installation section.
Updated custom plugins section in Chapter 8.
Added plugin manager section.
Fixed link thanks to nickdew.
Errata fixed thanks to Justin Honold.
v1.4.9 - 3/16/2015
Tag mismatch fixed thanks to Ivan Krizsan.
Plugin install fixed thanks to Mark Smithson.
Added note about permissions thanks to Johannes Opper.
Numerous fixes thanks to Galen Johnson.
v1.4.3 - 12/22/2014
Fixed typo found by Scott Fringer.
Removed Logstash cookbook site.
Moved ES sections in Chapter 3 thanks to Jimmy Prescott.
Updated links so that "here" means something in a hard-copy.
v220.127.116.11 - 7/11/2014
Updated ElasticSearch version to match required version for Logstash.
v1.4.2 - 6/25/2014
Removed remaining shipper.log references thanks to Nguyen Vu Long.
Updated for v1.4.2.
v1.4.1 - 5/8/2014
Updated to v1.4.1.
Fixed download link typo thanks to @chmeee.
Fixed removal of START variable thanks to @volker.
Added additional timestamp to fix
- Thanks to Garth Kidd.
v1.4.0 - 3/20/2014
Replaced manual tarball installation with package install for Logstash
Added section in Chapter 7 on Curator
Mentioned the new
community plugins repo
Updated to ElasticSearch 1.0.0
Updated for new bin/logstash binary
Updated to remove embed into JAR plugins model
Updated for 1.4.0 deprecations
Added more on template mapping checks
Removed deprecated link thanks to Phil Helmer
Changed all -v flags to --verbose flags
Added note about -f directory configuration loading
Fixed broken links and Redis formatting issue thanks to Jyrki Puttonen
Fixed camel case Elasticsearch
v1.3.4 - 1/26/2014
Updated for LogStash 1.3.3
Added mention of redis-cli and llen in Chapter 3
Added mutate section in Chapter 5
Replaced all LogStash references with Logstash
Added trademark notices
v1.3.3 - 12/29/2013
Added section for custom log entry parsing in Chapter 5
Added some more context/content on Redis
Updated download locations
Added mention of user agent and geoip in Chapter 5
v1.3.2 - 12/23/2013
Updated for Logstash 1.3.2
v1.3.1 - 12/12/2013
Removed ElasticSearch template references as a default is now applied.
Updated Logstash version to 1.3.1.
v1.2.6 - 11/20/2013
Updated Lumberjack references to Logstash Forwarder
v1.2.5 - 10/24/2013
Updated Codec link thanks to Douglas Thomas
Updated many links thanks to the great ElasticSearch website re-org (mostly thanks to Frank Limstrand)
Tried to fix overflowing Listing in C8. Better but not perfect.
v1.2.4 - 10/12/2013
Sentence structure and syntax fixes from Frank Limstrand
Fixed date filter deprecation in Chapter 6
Updated API for ElasticSearch template thanks to Alex Fisher
v1.2.3 - 10/7/2013
Number of fixes thanks to Frank Limstrand
Fixed to Redis installation, init script and curl command thanks to Bob Stine
Format fix thanks to Felix Barbeira
v1.2.2 - 9/22/2013
Fixed code link.
Fixed a number of typos, issues and bad code examples thanks to feedback from Volker Uhrig!
v1.2.1 - 9/7/2013
Updated versions to 1.2.1
Fixed issue with Lumberjack init scripts
Fixed typo in C7 shipper.conf
Renamed code files
Fixed command error and typo found by Terry Healy
v1.2.0 - 9/1/2013
This is a major update to the book which covers Logstash 1.2.0 and later versions. I strongly recommend you upgrade Logstash.
Updated versions for ElasticSearch and Logstash
Updated event schema for v1.2
Updated Lumberback configuration in Chapter 4
Added version warning
Updated plugin_status to milestone
Removed references to debug in plugins
Changed references in grok from pattern to match
Fixed Nagios service config thanks to Jean Rémond
Added mention of new conditional configuration file syntax
Replaced use of grep with conditionals where required
Replaced all references to old Logstash Web Interface with Kibana
Replaced all references to formats with codecs
Added references to field sprintf syntax
v1.1.3 - 6/20/2013
Updated -h setting for redis-cli
Fixed postfix_pattern file and names
Fixed incorrect web dashboard startup
Updated list links
Added Redis version requirement
Updated versions to 1.1.12 and 0.20.5 for ES
Fixed some code examples
Updated references to monolithic jar to flatjar
Fixed uses of emph with proper Markdown.
Fixed code wrapping in ePub.
Fixed typo on page 127 with capital S.
Fixed missing links and admonitions in ePub and Kindle.
Fixed link to code in Frontsmatter.
Fixed a type and wrong redisserver package name for Red Hat.
Fixed long dashes.
Changed ES template application order.
Fixed TOC error.
Fixed typo in agent init script.
Fixed several typos.
Fixed Redis header.
Removed Beaver version from pip.