Guide How To Install Logstash For Elasticsearch On Linux


Elastic has enabled their archive and retrieve service with some handy tools. One of these is called Logstash, and it is a customizable configuration tool. It equips the user with the ability to specifically designate targets and actions within the system for the engine. These, in turn, are preset to be monitored and/or retrieved depending upon the guidelines set by the user. The instructions that follow will walk the reader through the installation of the Logstash unit.


  • JDK 8 is required(Logstash does not yet officially support JDK 9). Also, be sure to have SSH access to the Linux server via private key and sudo privileges to install packages.
  • Elasticsearch is reliant upon Java. To see the version currently running, use this command:
javac -version
  • If they are installed properly, text output in the terminal should look like this:
java version "1.8.0_65"

Java(TM) SE Runtime Environment (build 1.8.0_65-b17)

Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
  • If running on a Debian-based Linux (like Ubuntu), the JDK 8 repository can be added and installed using these commands:
sudo add-apt-repository -y ppa:webupd8team/java

sudo apt-get update
  • Depending on the Linux system, if java was installed from a tarball, it has to be exported the JAVA_HOME environment. This is because java was being used by Logstash during the installation to automatically detect the environment and correctly install the startup method.

>If Logstash is unable to find JAVA_HOME variable during package installation, the user may get an error message, and Logstash will be unable to start properly…from Elastic – Installing Logstash

Installing Latest Version Using Source Package

  • The user can download the Logstash package that is compatible with the host from the Elastic website.
  • If the user is installing on a Debian-based server or machine (such as Ubuntu), it is suggested to install the apt-transport-https library first.
  • Use sudo to elevate the user as a super user and run apt-get update on the Linux system before installing a package from the APT repository.
  • After the repositories have been updated, the package can be installed:
sudo apt-get install apt-transport-https
  • To install the latest version of Logstash, use this command to install it from the updated APT repository:
sudo apt-get install logstash

Installing Older Versions Of Logstash

  • For another version of Logstash, use the wget command to download the chosen release from Elastic’s “Past Releases” page. Keeping the versions on separate pages ensures that the user won’t accidentally upgrade to major versions and break potentially compatibility.
  • The ELK stack repositories are available in distributions for both APT and YUM.
  • In this article, version 6.0 will be downloaded from its repository page as an example.

Debian-based Distros

  • For Debian systems make sure to download the .deb package:
sudo wget
  • When the download finishes, use the dpkg command for installing the package. Make sure to be in the same package directory, and run this command using sudo privileges:
sudo dpkg -i logstash-6.6.0.deb
  • Use the -i option to make the Debian installer interactive.

Red Hat Linux Distros

  • For “Red Hat” distros, like CentOS, the user needs to download the RPM package and install it. This example uses the -ivh options to make the installation verbose and interactive:
sudo wget

sudo rpm -ivh logstash-6.6.0.rpm
  • Logstash should not be installed in a directory path containing a colon (:) character.

Install Using The Elastic Signing Key

  • The Logstash package repositories for different versions are all on the Elastic website. For all 6.x.y releases use the 6.x as the version number…from Elastic – Installing Logstash
  • Elastic uses D88E42B4 for a PGP, Elastic’s Signing Key, as a fingerprint.
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4

Install With YUM

  • Download it to install the public access signing key:
rpm --import
  • Add the following to the directory /etc/yum.repos.d/ with the suffix (.repo) at the end of the file. For example: `logstash.repo`

name=Elastic repository for 6.x packages






  • Now the repository can be used. It can be installed with:
sudo yum install logstash
  • To configure Logstash, the user will need to modify the logstash.conf configuration file. Learn the procedure at the Elastic website.
  • There are several Logstash installations possible on the Linux platform. However, care must be taken with the processes, and it is important to always refer to installation documentation for proper guidance.


The process outlined above is an excellent start to utilizing the tools from Elastic more dynamically on a Linux system. The Logstash tool will help its user to exercise greater control over the functions of the platform. The Elastic Stack, known as the ELK, has more programs that add even further performance enhancements, tweaks, and options. They are all designed to work as a complete harmonious network to archive, search, and manage databases in a more efficient manner. Please, see some of the other guides for more instructions on How-To add other programs compatible with the ones mentioned here.

Pilot the ObjectRocket Platform Free!

Try Fully-Managed CockroachDB, Elasticsearch, MongoDB, PostgreSQL (Beta) or Redis.

Get Started

Keep in the know!

Subscribe to our emails and we’ll let you know what’s going on at ObjectRocket. We hate spam and make it easy to unsubscribe.