How to install logstash on centos

We will learn How to install logstash on centos. logstash is opensource tool which use for ma
nage the events and logs and process the logs.

Logstash :-

1. Install the Java in Machine :-

sudo yum -y install java-1.8.0-openjdk

2. Please use below command to install Logstash :-

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

3. Create Repo file :-

vim /etc/yum.repos.d/elasticsearch.repo

[logstash]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

4. Install Package from logstash repo file :-

sudo yum install logstash -y

You can also Install from here link

5. Add the below entry below file :-

vim /etc/logstash/conf.d/logstash-syslog-filter.conf

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

vim /etc/logstash/conf.d/logstash-syslog.conf

input {
  file {
    path => [ "/var/log/nginx/*.log", "/var/log/messages", "/var/log/syslog" ]
    type => "syslog"
  }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
    }
}

6. Restart and Enable the Logstash Service :-

service logstash restart
service logstash status
systemctl enable logstash