Logstash requires configuration to be specified while running it. Configuration can be specified directly as an argument using the -e option by specifying the configuration file (the .conf file) using the -f option/flag.
Using the terminal/command prompt, navigate to LOGSTASH_HOME/bin. Let's ensure that Logstash works fine after installation by running the following command with a simple configuration (the logstash pipeline) as a parameter:
E:logstash-7.0.0in>logstash -e "input { stdin { } } output { stdout {} }"
You should get the following logs:
E:logstash-7.0.0in>logstash -e "input { stdin {}} output { stdout{}}"
Sending Logstash logs to E:/logstash-7.0.0/logs which is now configured via log4j2.properties
[2019-03-17T15:17:23,771][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"E:/logstash-7.0.0/data/queue"}
[2019-03-17T15:17:23,782][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"E:/logstash-7
.0.0/data/dead_letter_queue"}
[2019-03-17T15:17:23,942][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-03-17T15:17:23,960][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.0.0"}
[2019-03-17T15:17:24,006][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"5e0b1f2a-d1dc-4c0b-9c4f-8efded
6c3260", :path=>"E:/logstash-7.0.0/data/uuid"}
[2019-03-17T15:17:32,701][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125
, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, :thread=>"#<Thread:0x74a9c9ab run>"}
[2019-03-17T15:17:32,807][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2019-03-17T15:17:32,897][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-03-17T15:17:33,437][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Now, enter any text and press Enter. Logstash adds a timestamp and IP address information to the input text message. Exit Logstash by issuing a CTRL + C command in the shell where Logstash is running. We just ran Logstash with some simple configurations (pipeline). In the next section, we will explore the Logstash pipeline in more detail.