Logstash on Windows – installation and I/O examples

Part 1: http://msprogrammer.serviciipeweb.ro/2016/12/05/logstash-on-windowsinstallation-and-io-examples/ 

Part 2: http://msprogrammer.serviciipeweb.ro/2016/12/12/logstash-on-windows-transformation-of-data/

I was very impressed by the Logstash tagline: “Centralize, Transform & Stash Your Data”. As I understand it, Logstash receives, transforms and outputs data, and it is very configurable.

I will start with some easy examples.

Install

Download Logstash from https://www.elastic.co/downloads/logstash - there is a zip file. Download and unblock it, then extract all the contents. A folder will be created (the name of my folder is logstash-5.0.0). Open a command prompt and run

logstash-5.0.0\bin\logstash

There are several possible results:

1. Java is missing from the PC – download it, unblock it and install it.

2. It says something about a missing “server” folder in the Java installation – go to your Java installation folder and copy the “client” folder to “server”.

3. It says “ERROR: No configuration file was specified” – OK, that is perfect!

Execution

Logstash needs an input and an output to be configured, because it transforms any “input” into any “output” that it knows (via plugins).

OK, now let’s do a working example – reading from and writing to the console:

logstash-5.0.0\bin\logstash -e "input { stdin { } } output { stdout {} }"

Now when you write something such as

asdasdasd

the output will be

2026-11-05T20:11:30.883Z ANDREIPC asdasdasd

Well, this is the first transformation – console to console.

Let’s make something more complicated – now I want to read from TCP port 9000 and output to the console, but see the whole message. For this we will create a file named tcp.txt with the following content:

input {
  tcp {
    port => 9000
    type => "tcpLog"
  }
}
output {
  stdout { codec => rubydebug }
}

(the rubydebug codec is there to show more details about the message). Then we run

logstash-5.0.0\bin\logstash -f tcp.txt

Somewhere logstash should say:

Starting tcp input listener {:address=>"0.0.0.0:9000"}

In a separate window, I will start

telnet 127.0.0.1 9000

and enter the same text

asdasd

The output will be:

{
    "@timestamp" => 2026-11-05T20:27:18.047Z,
          "port" => 51037,
      "@version" => "1",
          "host" => "127.0.0.1",
       "message" => "asdasd\r",
          "type" => "tcpLog"
}

And it is clearer now: we have telnet => console.

Let’s say that now we want to write the output to a file. I will modify tcp.txt to add the file plugin to the output:

input {
  tcp {
    port => 9000
    type => "tcpLog"
  }
}
output {
  stdout { codec => rubydebug }
  file { path => "a.txt" }
}

We start Logstash again with

logstash-5.0.0\bin\logstash -f tcp.txt

and the telnet console with

telnet 127.0.0.1 9000

and enter the same text

asdasd

The output will now be:

{
    "@timestamp" => 2026-11-05T20:31:47.639Z,
          "port" => 51213,
      "@version" => "1",
          "host" => "127.0.0.1",
       "message" => "asdasdad\r",
          "type" => "tcpLog"
}
[2026-11-05T22:31:48,534][INFO ][logstash.outputs.file    ] Opening file {:path=>"a.txt"}
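
The listener line shown earlier reports 0.0.0.0:9000, which means the tcp input accepts unauthenticated connections on every network interface and, with the file output added, writes whatever arrives to disk. For a local test like this one, the tcp input's host option can bind the listener to loopback only; the configuration below is an added example, not part of the original post, and the file name tcp-local.txt is an assumption:

```logstash
# tcp-local.txt (hypothetical file name): the tcp.txt from this page,
# with the listener restricted to the local machine.
input {
  tcp {
    # Without "host" the plugin listens on "0.0.0.0" (all interfaces),
    # which is what the "Starting tcp input listener" line reports.
    host => "127.0.0.1"
    port => 9000
    type => "tcpLog"
  }
}
output {
  stdout { codec => rubydebug }
  file { path => "a.txt" }
}
```

Started with logstash-5.0.0\bin\logstash -f tcp-local.txt, the listener line should report 127.0.0.1:9000, and telnet 127.0.0.1 9000 works as before. Running netstat -an | findstr 9000 in another window confirms which address the port is bound to.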

For more outputs (such as csv, http, mongodb and others), please see https://www.elastic.co/guide/en/logstash/current/output-plugins.html

For more inputs (such as file, http, github and others), please see https://www.elastic.co/guide/en/logstash/current/input-plugins.html