Monitoring Logstash

You can monitor Logstash with several ways.

check_logstash

There’s a corresponding CheckCommand for this plugin in the ITL. Unfortunately I’m more than a bit behind with some issues. It’s working for a basic monitoring of most Logstash setups but it lacks at least neat error messages and a way to monitor multiple pipelines.

You have to enable the API within the logstash.yml of your instance.

check_procs

You can always monitor if the Logstash process is running. It’s not that thorough like check_logstash but as a minimum monitoring it should be sufficient.

check_tcp or check_udp

If your Logstash instance opens ports you can monitor if they are available.

check_logfiles / extra Elastic Stack

It’s quite dangerous to digest Logstashs own logs with the very same Logstash instance. So either deal with check_logfiles to monitor the Logstash logs or, even better, facilitate an extra, minimal, Elastic Stack to collect and parse the logs of the main Elastic Stack.