Logstash, getting my feet wet

Some instructions on how to get started: http://logstash.net/docs/1.3.2/tutorials/getting-started-simple

Also this video tutorial is a lifesaver.

mkdir /opt/logstash/
cd /opt/logstash/
wget https://download.elasticsearch.org/logstash/logstash/logstash-1.3.2-flatjar.jar -O logstash.jar

Exercise one: simple input, simple output:
vi sample.conf

input {
  stdin { }
}
output {
  stdout {
    debug => true
  }
}

run it:
java -jar logstash.jar agent -v -f sample.conf

Pipeline started {:level=>:info}
pippo
output received {:event=>#@data={"message"=>"pippo", "@version"=>"1", 
"@timestamp"=>"2014-01-04T11:11:42.559Z", 
"host"=>"osb-vagrant.acme.com"}, @cancelled=false>, :level=>:info}
{
"message" =>"pippo",
"@version" =>"1",
"@timestamp" =>"2014-01-04T11:11:42.559Z",
"host" =>"osb-vagrant.acme.com"
}

Running "java -jar logstash.jar agent -vv -f sample.conf" can be quite educational.

Removing the "debug => true" from the sample.conf:

java -jar logstash.jar agent -f sample.conf

pippo
2014-01-04T11:34:40.255+0000 osb-vagrant.acme.com pippo

To activate the embedded elasticsearch:
vi es.conf

input {
  file {
    path =>"/opt/logstash/myfile.log"
  }
}

output {
  elasticsearch {
    embedded => true
  }
}

at this point, whatever you add in myfile.log will automatically appear in elasticsearch.
If you run logstash with the "web" option:
java -jar logstash.jar agent -f es.conf -- web
then access kibana: http://yourhost:9292
Here http://logstash.net/docs/1.3.2/ you find detailed documentation of each input, codec, output, filter stanzas.