How to Install Logstash on Linux & Other Distributions

Logstash, the L in the ELK stack, is a tool to ingest data from multiple sources, process, transform, enrich and send it to Elasticsearch.

I have wrriten another tutorial series about the Elastic Stack, you can read it at: Elastic Stack Tutorial Series.

In simple words, you can use Logstash to extract the information you need from the raw data.

In this tutorial, I will show you how to install Logstash the easiest way on Linux.

How to Install Logstash on Linux

There are 5 common ways to install Logstash on Linux & other Linux distributions:

1. Install Logstash using tar.gz package (for all Linux distributions, recommended)
2. Install Logstash using apt (for Debian-based distributions)
3. Install Logstash using deb package (for Debian-based distributions)
4. Install Logstash using rpm package (for Red Hat-based distributions)
5. Install Logstash using Docker

Each way has its own pros and cons. To me, I suggest you to install Logstash using the tarball (tar.gz package) as it will be easy to customize the config later and can be installed on any Linux distributions.

However, I will show you all 5 ways to install Logstash on Linux. Let's get started.

The Logstash version at the time of writing is 8.11.1. The official download page is here, so you can choose your appropriate platform.

1. Install Logstash using tar.gz package

Using the tar.gz package, you can install Logstash on any Linux distributions.

To install Logstash using tar.gz package, follow these steps:

1. Download the Logstash tar.gz package:
   shell

   wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.1-linux-x86_64.tar.gz
   

2. Extract the tar.gz package:
   shell

   tar -xzf logstash-8.11.1-linux-x86_64.tar.gz
   

3. Now move it to the ~/elastic folder for easy management:
   shell

   mkdir ~/elastic
   mv logstash-8.11.1 ~/elastic
   

Logstash is installed at ~/elastic/logstash-8.11.1. To run it, use the command:

cd ~/elastic/logstash-8.11.1
bin/logstash

2. Install Logstash using apt

The apt package is available for Debian-based distributions such as Ubuntu, Debian, Linux Mint, etc.

To install Logstash using apt, follow these steps:

1. Download and install the public signing key:
   shell

   wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
   

2. Install the apt-transport-https package on Debian-based distributions:
   shell

   sudo apt-get install apt-transport-https
   

3. Save the repository definition to /etc/apt/sources.list.d/elastic-8.x.list:
   shell

   echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list
   

4. Run apt update to update the package database, then install Logstash:
   shell

   sudo apt update && sudo apt install logstash
   

Now Logstash is installed at /usr/share/logstash. To run it as a service, use the command:

sudo systemctl start logstash

You can check the status of the service using the command:

sudo systemctl status logstash

If you see the status is active like the image, then Logstash is running successfully.

To stop Logstash, use the command:

sudo systemctl stop logstash

3. Install Logstash using deb package

Similar to the apt way, the deb package is also available for Debian-based distributions such as Ubuntu, Debian, Linux Mint, etc.

To install Logstash using deb package, follow these steps:

1. Download the Logstash deb package:
   shell

   wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.1-amd64.deb
   

2. Install the deb package:
   shell

   sudo dpkg -i logstash-8.11.1-amd64.deb
   

3. Start Logstash service:
   shell

   sudo systemctl start logstash
   

4. Check the Logstash service status:
   shell

   sudo systemctl status logstash
   

5. Stop Logstash service:
   shell

   sudo systemctl stop logstash
   

4. Install Logstash using rpm package

The rpm package is available for Red Hat-based distributions such as CentOS, SLES, OpenSuSE, etc.

To install Logstash using rpm package, follow these steps:

1. Download the Logstash rpm package:
   shell

   wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.1-x86_64.rpm
   

2. Install the rpm package:
   shell

   sudo rpm -ivh logstash-8.11.1-x86_64.rpm
   

3. Start Logstash service:
   shell

   sudo systemctl start logstash
   

4. Check the Logstash service status:
   shell

   sudo systemctl status logstash
   

5. Stop Logstash service:
   shell

   sudo systemctl stop logstash
   

5. Install Logstash using Docker

To install Logstash using Docker, follow these steps:

1. Pull the Logstash image from Docker Hub:
   shell

   docker pull docker.elastic.co/logstash/logstash:8.11.1
   

2. Run the Logstash container:
   shell

   docker run -d --name logstash -p 9600:9600 docker.elastic.co/logstash/logstash:8.11.1
   

3. Check the container status:
   shell

   docker ps
   

4. Check the Logstash logs:
   shell

   docker logs logstash
   

5. Stop the Logstash container:
   shell

   docker stop logstash
   

Conclusion

Congratulations, you have installed Logstash on Linux successfully.

If you need any assistance, feel free to leave a comment below.