How to Install Logstash on Ubuntu & Other Linux Distributions

Disclaimer: All content on this website is derived directly from my own expertise and experiences. No AI-generated text or automated content creation tools are used.

Logstash, the L component in the ELK stack, is a tool to ingest data from multiple sources, process, transform, enrich, and send it to Elasticsearch.

In simple words, you can use Logstash to extract the information you need from the raw data.

In this tutorial, I will show you how to install Logstash the easiest way on Ubuntu & other Linux distributions.

How to Install Logstash on Linux
Conclusion

How to Install Logstash on Linux

There are 5 common ways to install Logstash on Ubuntu & other Linux distributions:

Install Logstash using the tar.gz package (for all Linux distributions, recommended)
Install Logstash using apt (for Debian-based distributions)
Install Logstash using the deb package (for Debian-based distributions)
Install Logstash using the rpm package (for Red Hat-based distributions)
Install Logstash using Docker

Each way has its pros and cons. To me, I suggest you install Logstash using the tarball (tar.gz package) as it will be easy to customize the config later and can be installed on any Linux distribution.

However, I will show you all 5 ways to install Logstash on Linux. Let's get started.

The Logstash version at the time of writing is 8.11.3. You can choose your appropriate platform by visiting the official download page.

1. Install Logstash using the tar.gz package

Using the tar.gz package, you can install Logstash on any Linux distribution.

To install Logstash using the tar.gz package, follow these steps:

Download the Logstash tar.gz package:

console


wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.3-linux-x86_64.tar.gz

Extract the tar.gz package:

console


tar -xzf logstash-8.11.3-linux-x86_64.tar.gz

Now move it to the ~/elastic folder for easy management:
console
```
mkdir ~/elastic
mv logstash-8.11.3 ~/elastic
```

Logstash is installed at ~/elastic/logstash-8.11.3. To run it, use the command:

console


cd ~/elastic/logstash-8.11.3
bin/logstash

2. Install Logstash using apt

The apt package is available for Debian-based distributions such as Ubuntu, Debian, Linux Mint, etc.

To install Logstash using apt, follow these steps:

Download and install the public signing key:

console


wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg

Install the apt-transport-https package on Debian-based distributions:
console
```
sudo apt-get install apt-transport-https
```

Save the repository definition to /etc/apt/sources.list.d/elastic-8.x.list:

console


echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list

Run apt update to update the package database, then install Logstash:
console
```
sudo apt update && sudo apt install logstash
```

Now Logstash is installed at the default directory: /usr/share/logstash. To run it as a service, use the command:

console


sudo systemctl start logstash

You can check the status of the service using the command:

console


sudo systemctl status logstash

If you see the status is active like the image, then Logstash is running successfully.

Figure: Checking Logstash service status

To stop Logstash, use the command:

console


sudo systemctl stop logstash

3. Install Logstash using the deb package

Similar to the apt way, the deb package is also available for Debian-based distributions such as Ubuntu, Debian, Linux Mint, etc.

To install Logstash using the deb package, follow these steps:

Download the Logstash deb package:

console


wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.3-amd64.deb

Install the deb package:
console
```
sudo dpkg -i logstash-8.11.3-amd64.deb
```
Start Logstash service:
console
```
sudo systemctl start logstash
```
Check the Logstash service status:
console
```
sudo systemctl status logstash
```
Stop Logstash service:
console
```
sudo systemctl stop logstash
```

4. Install Logstash using the rpm package

The rpm package is available for Red Hat-based distributions such as CentOS, SLES, OpenSuSE, etc.

To install Logstash using the rpm package, follow these steps:

Download the Logstash rpm package:

console


wget https://artifacts.elastic.co/downloads/logstash/logstash-8.11.3-x86_64.rpm

Install the rpm package:

console


sudo rpm -ivh logstash-8.11.3-x86_64.rpm

Start Logstash service:
console
```
sudo systemctl start logstash
```
Check the Logstash service status:
console
```
sudo systemctl status logstash
```
Stop Logstash service:
console
```
sudo systemctl stop logstash
```

5. Install Logstash using Docker

To install Logstash using Docker, follow these steps:

Pull the Logstash image from Docker Hub:

console


docker pull docker.elastic.co/logstash/logstash:8.11.3

Run the Logstash container:

console


docker run -d --name logstash -p 9600:9600 docker.elastic.co/logstash/logstash:8.11.3

Check the container status:
console
```
docker ps
```
Check the Logstash logs:
console
```
docker logs logstash
```
Stop the Logstash container:
console
```
docker stop logstash
```

Conclusion

Congratulations, you have installed Logstash on Linux successfully.

If you need any assistance, feel free to leave a comment below.