Features of Logstash
Centralize Data Processing of All Types: Logstash is a data pipeline that helps you process logs and other event data from a variety of systems. With 200 plugins and counting, it can be connected to a variety of sources and stream data at scale to a central analytics system.
Normalize Varying Schema: Business-critical data is often scattered among different systems, each in its own format. Logstash allows you to parse this data and converge on a common format before inserting it into your analytics datastore of choice. Here are some of transformations that can be dynamically applied to your data:
- Create structure for unstructured data using grok
- Gain geographical data from IP addresses
- Exclude sensitive PII data completely
- Create an easier processing environment, regardless of the source
Extend to Custom Log Formats: Most logs written by infrastructure and applications have custom formats. Logstash provides a fast and convenient way to custom logic for parsing these logs at scale..
Add Plugins for Custom Sources: Built with extensibility in mind, Logstash provides an API for rapid plugin development by the community. With recent improvements to the plugin ecosystem, contributors can publish new plugins at any time.
Fully secured ingest pipelines: Deliver your data at-least-one using a persistant queue in the event of failure. The ingest queue is also scalable, absorbing throughput spikes without an external queueing layer.