=====Overview=====
Logstash is generally used to collect information about logs. It can collect the data locally or from beat engine as we can configure it, but firstly let's install it :)


=====Logstash=====
Feel free to download the latest (6.3.1, however I don't like 6.3 since a lot of features of x-pack are paid :) ) So let's download 6.2.4

===Download===
<sxh bash>
root@dokuwiki ~]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm
--2018-07-17 19:32:32--  https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm
Resolving artifacts.elastic.co... 54.235.82.130, 107.21.237.95, 107.21.253.15, ...
Connecting to artifacts.elastic.co|54.235.82.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 148204622 (141M) [binary/octet-stream]
Saving to: “logstash-6.2.4.rpm”

100%[============================================================================================================================================================================================================>] 148,204,622 36.2M/s   in 5.0s    

2018-07-17 19:32:38 (28.2 MB/s) - “logstash-6.2.4.rpm” saved [148204622/148204622]

[root@dokuwiki ~]# 
</sxh>

===Install===
<sxh bash>
[root@dokuwiki ~]# rpm -Uvh logstash-6.2.4.rpm 
Preparing...                ########################################### [100%]
   1:logstash               ########################################### [100%]
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
[root@dokuwiki ~]# 
</sxh>

===Configuration===

<sxh bash>
http.host: "IP"
xpack.monitoring.elasticsearch.url: ["http://IP:PORT"]
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "password3"

path.config: /etc/logstash/pipeline

</sxh>


===Install X-PACK===
<sxh bash>
[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-poack
^C[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-pack
Downloading file: https://artifacts.elastic.co/downloads/logstash-plugins/x-pack/x-pack-6.2.4.zip
Downloading [=============================================================] 100%
Installing file: /tmp/studtmp-4e494ad4d8b5384eaf52f4bd3e10fcdf33e38a7f56979511c1701a72cf9b/x-pack-6.2.4.zip
Install successful
</sxh>


===Start Logstash===
<sxh bash>
[root@dokuwiki bin]# ./logstash --path.settings /etc/logstash/
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[root@dokuwiki bin]# 
</sxh>