TrustRadius
Logstash is the best for ELK stacks!We were introduced to Logstash via the ELK stack. Our application generates many data points, and one of many patterns we had seen was to store it in elastic search. Logstash was the router which actually sent data to ES, and received data from our applications. The power of Logstash was quickly realized when we increased the number of source applications generating different kinds of data, but the ingestion point remained same. Since then Logstash has been one of my team's favorite tools and is one of the few things which you can set once and forget. We are happy users of Logstash and expect to use it more in the future.,Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES. Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects. Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data. You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.,Logstash is all command line, and it can become overwhelming for new developers. If it has any sort of UI, then I don't know about it. Documentation could have been better. But this is a work in progress, and with time I am sure community will help with documentation. Community support! Being a relatively new tool, the adoption is still mature, and finding answers can be challenging sometimes.,9,Positive: Learning curve was relatively easy for our team. We were up and running within a sprint. Positive: Managing Logstash has generally been easy. We configure it, and usually, don't have to worry about misbehavior. Negative: Updating/Rehydrating Logstash servers have been little challenging. We sometimes even loose data while Logstash is down. It requires more in-depth research and experiments to figure the fine-grained details. Negative: This is now one more application/skill/server to manage. Like any other servers, it requires proper grooming or else you will get in trouble. This is also a single point of failure which can have the ability to make other servers useless if it is not running.,Apache KafkaUseful Self-Hosted ETL tool for Event Driven ApplicationsMy primary use case for Logstash is ingesting log files into a local Elasticsearch&Kibana Docker container so that I can easily search though the logs better. My favorite feature is the grok parser as it is easy to decompose complex regular expressions into simplified patterns. Logstash has a plethora of available plugins, but the out of the box connections have addressed all my needs thus far.,Plugin ecosystem allows modular extensions. Tight integration into the Elastic.com products of Beats and Elasticsearch, so minimal setup is required when using those tools. Filter plugins are powerful for extracting and enriching input data.,Since it's a Java product, JVM tuning must be done for handling high-load. The persistent queue feature is nice, but I feel like most companies would want to use Kafka as a general storage location for persistent messages for all consumers to use. Using some pipeline of "Kafka input -> filter plugins -> Kafka output" seems like a good solution for data enrichment without needing to maintain a custom Kafka consumer to accomplish a similar feature. I would like to see more documentation around creating a distributed Logstash cluster because I imagine for high ingestion use cases, that would be necessary.,8,Logstash has allowed me to ingest log files of various patterns into Elasticsearch for analysis using its flexible Grok parser. I've been able to perform web analytics over datasets using Logstash's GeoIP and reverse DNS lookups. By providing a simple mechanism for adding plugins, Logstash has allowed me to install extensions on top of those already pre-installed.,Apache Kafka, Apache Flume, Apache Spark, Enterprise Fluentd and PaperTrail
  3. Logstash Reviews
Unspecified
Logstash
12 Ratings
Score 8.6 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

Logstash Reviews

Logstash
12 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.6 out of 101
Show Filters 
Hide Filters 
Filter 12 vetted Logstash reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role
Show All Filters
More Filters 
Less Filters 

Reviews (1-2 of 2)

  Vendors can't alter or remove reviews. Here's why.
Rahul Chaudhary profile photo
March 15, 2018

User Review: "Logstash is the best for ELK stacks!"

Rahul Chaudhary
Score 9 out of 10
Vetted Review
Verified User
Review Source
We were introduced to Logstash via the ELK stack. Our application generates many data points, and one of many patterns we had seen was to store it in elastic search. Logstash was the router which actually sent data to ES, and received data from our applications. The power of Logstash was quickly realized when we increased the number of source applications generating different kinds of data, but the ingestion point remained same. Since then Logstash has been one of my team's favorite tools and is one of the few things which you can set once and forget. We are happy users of Logstash and expect to use it more in the future.
  • Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES.
  • Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects.
  • Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data.
  • You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.
  • Logstash is all command line, and it can become overwhelming for new developers. If it has any sort of UI, then I don't know about it.
  • Documentation could have been better. But this is a work in progress, and with time I am sure community will help with documentation.
  • Community support! Being a relatively new tool, the adoption is still mature, and finding answers can be challenging sometimes.
Logstash is a must in an ELK stack, which I am sure is going to be the #1 case. At any point when you have several sources, Logstash can be the common point to aggregate, and categorize those data. Then send this new data to its destination. Very handy. It is free and open source.

It may not be appropriate to analyze data-sets dependent on each other but from a different data source. Reason being Logstash works on data at hand, and not wait for other data to arrive. It would be unwise for Logstashh to handle complicated, long-running transformations because this is injected and ejected. The faster you do it, the safer.
Read Rahul Chaudhary's full review
Jordan Moore profile photo
March 19, 2018

Logstash Review: "Useful Self-Hosted ETL tool for Event Driven Applications"

Jordan Moore
Score 8 out of 10
Vetted Review
Verified User
Review Source
My primary use case for Logstash is ingesting log files into a local Elasticsearch&Kibana Docker container so that I can easily search though the logs better. My favorite feature is the grok parser as it is easy to decompose complex regular expressions into simplified patterns. Logstash has a plethora of available plugins, but the out of the box connections have addressed all my needs thus far.
  • Plugin ecosystem allows modular extensions.
  • Tight integration into the Elastic.com products of Beats and Elasticsearch, so minimal setup is required when using those tools.
  • Filter plugins are powerful for extracting and enriching input data.
  • Since it's a Java product, JVM tuning must be done for handling high-load.
  • The persistent queue feature is nice, but I feel like most companies would want to use Kafka as a general storage location for persistent messages for all consumers to use. Using some pipeline of "Kafka input -> filter plugins -> Kafka output" seems like a good solution for data enrichment without needing to maintain a custom Kafka consumer to accomplish a similar feature.
  • I would like to see more documentation around creating a distributed Logstash cluster because I imagine for high ingestion use cases, that would be necessary.
Logstash is well suited for tight integration into the ELK stack, but it is also flexible enough to support other ingestion workloads similar to any other message bus or queueing framework. Compared to a message queue, though, Logstash also supports various filter and enrichment plugins that allow you to manipulate data as it passes through the system.
Read Jordan Moore's full review

Logstash Scorecard Summary

Likelihood to Recommend (12)
8.6

About Logstash

Categories:  Log Management

Logstash Technical Details

Operating Systems: Unspecified
Mobile Application:No