Monitoring Logstash

You can monitor Logstash with several ways.


There’s a corresponding CheckCommand for this plugin in the ITL. Unfortunately I’m more than a bit behind with some issues. It’s working for a basic monitoring of most Logstash setups but it lacks at least neat error messages and a way to monitor multiple pipelines.

You have to enable the API within the logstash.yml of your instance.


You can always monitor if the Logstash process is running. It’s not that thorough like check_logstash but as a minimum monitoring it should be sufficient.

check_tcp or check_udp

If your Logstash instance opens ports you can monitor if they are available.

check_logfiles / extra Elastic Stack

It’s quite dangerous to digest Logstashs own logs with the very same Logstash instance. So either deal with check_logfiles to monitor the Logstash logs or, even better, facilitate an extra, minimal, Elastic Stack to collect and parse the logs of the main Elastic Stack.