Upgrading Logstash and Elasticsearch to 2.0
If you are using Elasticsearch as an output and wish to upgrade to Elasticsearch 2.0, please be aware of the breaking changes before you upgrade. In addition, the following steps need to be performed after upgrading to Elasticsearch 2.0:
Mapping changes: Users may have custom template changes, so by default a Logstash upgrade will leave the template as is. Even if you don't have a custom template, Logstash will not overwrite an existing template by default.
There is one known issue (removal of path) with using the GeoIP filter that needs a manual update to the template.
Note: If you have custom template changes, please make sure to save them and merge any changes. You can get the existing template by running:
curl -XGET localhost:9200/_template/logstash
Add the following option to your Logstash config:
output { elasticsearch { template_overwrite => true } }
Restart Logstash.
Dots in fields: Elasticsearch 2.0 does not allow field names to contain the . character.
Further details about this change here. Some plugins have already been updated to compensate
for this breaking change, including logstash-filter-metrics and logstash-filter-elapsed.
These plugin updates are available for Logstash 2.0. To upgrade to the latest version of these
plugins, the command is:
bin/logstash-plugin update <plugin_name>
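An added example (not from the Logstash documentation): a Ruby check to run over a template saved with the curl command above, before merging custom changes into it. It lists field definitions that carry a path setting or have a dot in their name; the sample template, its layout and its field names are constructed for illustration.

```ruby
require 'json'

# Constructed sample in the shape returned by GET /_template/logstash.
# Layout and field names are assumptions made for this example.
SAMPLE_TEMPLATE = JSON.parse(<<~JSON)
  {
    "logstash": {
      "template": "logstash-*",
      "mappings": {
        "_default_": {
          "properties": {
            "@version": { "type": "string", "index": "not_analyzed" },
            "geoip": {
              "type": "object",
              "dynamic": true,
              "path": "full",
              "properties": { "location": { "type": "geo_point" } }
            },
            "metric.rate_1m": { "type": "float" }
          }
        }
      }
    }
  }
JSON

# Walk every "properties" hash in the template and report field
# definitions that carry a "path" setting or whose name contains a dot.
def template_issues(node, trail = [], issues = [])
  return issues unless node.is_a?(Hash)

  props = node['properties'].is_a?(Hash) ? node['properties'] : {}
  props.each do |name, definition|
    here = trail + [name]
    issues << "dot in field name: #{here.join(' > ')}" if name.include?('.')
    if definition.is_a?(Hash) && definition.key?('path')
      issues << "path setting: #{here.join(' > ')}"
    end
    template_issues(definition, here, issues)
  end
  # Descend into everything else (template name, mappings, types, ...).
  node.each { |key, child| template_issues(child, trail, issues) unless key == 'properties' }
  issues
end

# To check a saved file instead: template_issues(JSON.parse(File.read(path)))
puts template_issues(SAMPLE_TEMPLATE)
```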
Multiline Filter: If you are using the Multiline Filter in your configuration and upgrade to Logstash 2.0,
you will get an error. Make sure to explicitly set the number of filter workers (-w) to 1. You can set the number
of workers by passing a command line flag such as:
bin/logstash -w 1