Working with plugins

xattr -d -r com.apple.quarantine <archive-or-directory>

xattr -d -r com.apple.quarantine logstash-9.0.0-beta1

Logstash has a rich collection of input, filter, codec, and output plugins. Check out the Elastic Support Matrix to see which plugins are supported at various levels.

Plugins are available in self-contained packages called gems and hosted on RubyGems.org. Use the plugin manager script--bin/logstash-plugin--to manage plugins:

• Listing plugins
• Adding plugins to your deployment
• Updating plugins
• Removing plugins
• Advanced: Adding a locally built plugin
• Advanced: Using --path.plugins

If you don’t have an internet connection, check out Offline Plugin Management for information on building, installing, and updating offline plugin packs.

Most plugin manager commands require access to the internet to reach RubyGems.org. If your organization is behind a firewall, you can set these environments variables to configure Logstash to use your proxy.

export http_proxy=http://localhost:3128
export https_proxy=http://localhost:3128

Logstash release packages bundle common plugins. To list the plugins currently available in your deployment:

bin/logstash-plugin list 1
bin/logstash-plugin list --verbose 2
bin/logstash-plugin list '*namefragment*' 3
bin/logstash-plugin list --group output 4

1. Lists all installed plugins
2. Lists installed plugins with version information
3. Lists all installed plugins containing a namefragment
4. Lists all installed plugins for a particular group (input, filter, codec, output)

When you have access to internet, you can retrieve plugins hosted on the RubyGems.orgpublic repository and install them on top of your Logstash installation.

bin/logstash-plugin install logstash-input-github

After a plugin is successfully installed, you can use it in your configuration file.

Plugins have their own release cycles and are often released independently of Logstash’s core release cycle. Using the update subcommand you can get the latest version of the plugin.

bin/logstash-plugin update 1
bin/logstash-plugin update logstash-input-github 2

1. updates all installed plugins
2. updates only the plugin you specify

To avoid introducing breaking changes, the plugin manager updates only plugins for which newer minor or patch versions exist by default. If you wish to also include breaking changes, specify --level=major.

bin/logstash-plugin update --level=major 1
bin/logstash-plugin update --level=major logstash-input-github 2

1. updates all installed plugins to latest, including major versions with breaking changes
2. updates only the plugin you specify to latest, including major versions with breaking changes

If you need to remove plugins from your Logstash installation:

bin/logstash-plugin remove logstash-input-github

In some cases, you may want to install plugins which are not yet released and not hosted on RubyGems.org. Logstash provides you the option to install a locally built plugin which is packaged as a ruby gem. Using a file location:

bin/logstash-plugin install /path/to/logstash-output-kafka-1.0.0.gem

Using the Logstash --path.plugins flag, you can load a plugin source code located on your file system. Typically this is used by developers who are iterating on a custom plugin and want to test it before creating a ruby gem.

The path needs to be in a specific directory hierarchy: PATH/logstash/TYPE/NAME.rb, where TYPE is inputs filters, outputs or codecs and NAME is the name of the plugin.

# supposing the code is in /opt/shared/lib/logstash/inputs/my-custom-plugin-code.rb
bin/logstash --path.plugins /opt/shared/lib