How to Install Logstash for Elasticsearch on MacOS

Introduction

Logstash is an integral part of the ELK (Elastic, Logstash, Kibana) stack. While Elastic is the place where data is stored and retrieved from, Logstash is the tool responsible for structuring data and sending it to Elastic. The power of this open-source data pipeline is its ability to parse and transform data from many different sources and formats. Transformed data is then sent to the “stash” of choice — in an ELK stack, that “stash” is Elastic. Before users can harness the power of Logstash as part of an ELK stash, the package must first be installed. In this article, simple instructions will be provided for installing Logstash on Mac OS.

Prerequisites

Before attempting to install Logstash on Mac OS, it’s important to understand the system requirements. The Logstash engine requires JVM to be running — be aware that this dependency, combined with the Ruby implementation, can result in significant memory consumption, particularly when a number of pipelines are involved and complex filtering is taking place. It is also necessary to have JDK 8 and Elastic installed on the Mac before installing Logstash. (Please note that Logstash does not officially support JDK 9 at this time, and only version 6.2 of Elastic has support for JDK 9). Older versions of the ELK stack may require the use of JDK 7. Users who need the DMG installer file for JDK may find it on the Oracle website. For additional information on installing JDK for MacOS, please see Oracle’s Installation Guide. Elastic is built on Java, so it’s important to confirm that Java is installed on your machine before moving forward. To check for an installation of Java on your machine and to find out what version is running, run the following command:

• If JDK 8 and Java are installed correctly, the returned terminal output will look something like this, confirming the presence of Java on the machine and indicating the version that’s running:

Installing Homebrew

• The package manager Homebrew makes it easy to install software on MacOS. Homebrew eliminates the need to locate external download links, mount a disk image, and then running an installer; instead, installations are handled using a simple brew command. Using this command for an installation helps avoid permissions issues and simplifies the process of uninstalling if needed.
• If Homebrew is not already installed on your machine, install it by using the following command in the terminal:

• If Homebrew is already installed, it’s a good idea to update it before installing Logstash or any other packages:

• The following command can be used to upgrade all packages that were installed using Homebrew:

Installing The ELK Stack Using Brew

• After making sure that Homebrew has been both installed and upgraded, the next thing to install is Elastic. This can be done using the following command:

Homebrew also allows users to list services and even start services (such as Elastic) with a couple of simple commands:

Once Elastic is successfully installed, it’s time to install Logstash. All that’s needed to accomplish this task is another brew command:

After installing Logstash, use the following command to start the service on your machine:

• For additional information on Homebrew or to resolve any issues that may occur using this package manager, please consult their documentation.

Conclusion:

It’s clear that Logstash plays a key role in the ELK stack. The ability of Logstash to parse and transform data makes it an essential part of a strong log-management strategy. Installing Logstash on MacOS is a simple process, but the success of an install is dependent on understanding the system requirements and using the right tools for the task. With the correct prerequisites in place, it’s easy to use the Homebrew package manager for a quick and easy Logstash installation.