About TrustRadius Scoring
Score 7.3 out of 100


Recent Reviews

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Logstash, and make your voice heard!


View all pricing

Sorry, this product's description is unavailable

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

1 person want pricing too

Alternatives Pricing

What is SolarWinds Kiwi Syslog Server?

Solarwinds® Kiwi Syslog® Server is a syslog management tool for network and systems engineers. It receives syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.), and Linux®/Unix® hosts. Users can filter and view these messages based on time, hostname, severity,…

What is Datadog?

Datadog is a monitoring service for IT, Dev and Ops teams who write and run applications at scale, and want to turn the massive amounts of data produced by their apps, tools and services into actionable insight.

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Logstash?

Logstash Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo


View all alternatives

Reviews and Ratings



(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Review Source
We investigated (and use) Logstash as apart of our ELK (Elasticsearch, Logstash and Kibana) stack. We input data from websites that post daily updates. This data is read into Logstash from RSS feeds, transformed in Logstash, then Sent to Elasticsearch / Kibana for visualization and reporting. Our problem was we needed to scrape large amounts of unstructured data from multiple sites that provided users the ability to post information. This information was free form. To make matters more interesting, these sites did not have an open API to query the data directly, so writing a simple cURL bot would not suffice. Therefore, we turned to ELK, due to previous projects where we employed ELK successfully. So the primary Return On Investment (ROI) is the fact that we had a fast, tightly Cohesive (but loosely coupled) stack of software that we knew how to configure and integrate well with our Laboratory.
  • Modern: most Admin, Server and/or DevtyOps-Centric software worth it's salt will have the ability to configure it's services and features from a small webpage and REST API. Logstash is no exception
  • Speed: Logstash configuration is just a reload away. While you CAN use the gui (see point above), editing the configuration files directly is also a great option. Our configuration files are hosted on an internal Repository, that once we make a change, we and track them as we do a reload, and those changes are reflected in Logstash almost immediately (dependent on the Data Source's speed and flow of Data)
  • Configuration: Logstash is very simple to configure, and fulfills our desire to keep configuration files in a plantext format.
  • OpenSource friendly: Logstash is opensource, and built with open source tools
  • Memory: Logstash is a HOG, if you are deploying it on commodity (i.e. cheap and old) hardware: You will need at least 2GB, just for Logstash. So don't expect to run your entire ELK stack on one AMD Athlon machine.
  • Overlap: Logstash fills in an area of the ELK stack that makes the most sense: as a log file transformer / shipper. However, if you start breaking that stack, with the addition of other components- you start seeing where features of Logstash may be implemented or solved in the additional components much easier (or better, or to a higher degree of resolution)
  • More Overlap: Since my team employs Syslog-ng extensively- Logstash can sometimes get in the way (and this may be a problem for DevOps stacks overall): You can configure Syslog to record certain information from a source, filter that data, and even export that data in a particular format. Logstash will pick that data up, and then parse it. However, if you don't keep your Syslog-ng configuration files, and your Logstash configuration files in sync, your results will not be what you expected, and this will translate into (sometimes) hours/days of work, hunting down a line item in a configuration file.
Perfect for projects where Elasticsearch makes sense: if you decide to employ ES in a project, then you will almost inevitably use LogStash, and you should anyways. Such projects would include: 1. Data Science (reading, recording or measure web-based Analytics, Metrics) 2. Web Scraping (which was one of our earlier projects involving LogStash) 3. Syslog-ng Management: While I did point out that it can be a bit of an electric boo-ga-loo in finding an errant configuration item, it is still worth it to implement Syslog-ng management via LogStash: being able to fine-tune your log messages and then pipe them to other sources, depending on the data being read in, is incredibly powerful, and I would say is exemplar of what modern Computer Science looks like: Less Specialization in mathematics, and more specialization in storing and recording data (i.e. Less Engineering, and more Design).
Jordan Moore | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
My primary use case for Logstash is ingesting log files into a local Elasticsearch&Kibana Docker container so that I can easily search though the logs better. My favorite feature is the grok parser as it is easy to decompose complex regular expressions into simplified patterns. Logstash has a plethora of available plugins, but the out of the box connections have addressed all my needs thus far.
  • Plugin ecosystem allows modular extensions.
  • Tight integration into the Elastic.com products of Beats and Elasticsearch, so minimal setup is required when using those tools.
  • Filter plugins are powerful for extracting and enriching input data.
  • Since it's a Java product, JVM tuning must be done for handling high-load.
  • The persistent queue feature is nice, but I feel like most companies would want to use Kafka as a general storage location for persistent messages for all consumers to use. Using some pipeline of "Kafka input -> filter plugins -> Kafka output" seems like a good solution for data enrichment without needing to maintain a custom Kafka consumer to accomplish a similar feature.
  • I would like to see more documentation around creating a distributed Logstash cluster because I imagine for high ingestion use cases, that would be necessary.
Logstash is well suited for tight integration into the ELK stack, but it is also flexible enough to support other ingestion workloads similar to any other message bus or queueing framework. Compared to a message queue, though, Logstash also supports various filter and enrichment plugins that allow you to manipulate data as it passes through the system.
Rahul Chaudhary | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We were introduced to Logstash via the ELK stack. Our application generates many data points, and one of many patterns we had seen was to store it in elastic search. Logstash was the router which actually sent data to ES, and received data from our applications. The power of Logstash was quickly realized when we increased the number of source applications generating different kinds of data, but the ingestion point remained same. Since then Logstash has been one of my team's favorite tools and is one of the few things which you can set once and forget. We are happy users of Logstash and expect to use it more in the future.
  • Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES.
  • Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects.
  • Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data.
  • You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.
  • Logstash is all command line, and it can become overwhelming for new developers. If it has any sort of UI, then I don't know about it.
  • Documentation could have been better. But this is a work in progress, and with time I am sure community will help with documentation.
  • Community support! Being a relatively new tool, the adoption is still mature, and finding answers can be challenging sometimes.
Logstash is a must in an ELK stack, which I am sure is going to be the #1 case. At any point when you have several sources, Logstash can be the common point to aggregate, and categorize those data. Then send this new data to its destination. Very handy. It is free and open source.

It may not be appropriate to analyze data-sets dependent on each other but from a different data source. Reason being Logstash works on data at hand, and not wait for other data to arrive. It would be unwise for Logstashh to handle complicated, long-running transformations because this is injected and ejected. The faster you do it, the safer.