How to install Logstash on Ubuntu or Debian

Logstash is a Java-based application requiring Java Runtime Environment or JRE to be installed for it to run. Both can be installed via apt though Logstash is not hosted in Ubuntu's or Debian's default apt repository.

Logstash requires manual addition of Elastic's repository to apt's. Elastic repository does not list JRE as a dependency to Logstash; thus, it needs to be installed separately.

Both Logstash and JRE can be installed using apt from the terminal.

1. Add GPG key of ELK's repository.

   $ wget --quiet --output-document=- https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor | sudo tee /usr/share/keyrings/elasticsearch-archive-keyring.gpg
   [sudo] password for user:

2. Add ELK repository to apt's repository list.

   $ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
   deb https://artifacts.elastic.co/packages/7.x/apt stable main
   [sudo] password for user:
   deb https://artifacts.elastic.co/packages/7.x/apt stable main

3. Update list of available packages from the newly added repository.

   $ sudo apt update
   [sudo] password for user: 
   Get:1 http://security.ubuntu.com/ubuntu hirsute-security InRelease [101 kB]
   Hit:2 http://archive.ubuntu.com/ubuntu hirsute InRelease                      
   Get:3 http://archive.ubuntu.com/ubuntu hirsute-updates InRelease [109 kB]     
   Hit:4 https://artifacts.elastic.co/packages/7.x/apt stable InRelease          
   Hit:5 http://archive.ubuntu.com/ubuntu hirsute-backports InRelease
   Get:6 http://archive.ubuntu.com/ubuntu hirsute-updates/main amd64 Packages [43.5 kB]
   Get:7 http://archive.ubuntu.com/ubuntu hirsute-updates/main i386 Packages [16.0 kB]
   Get:8 http://archive.ubuntu.com/ubuntu hirsute-updates/universe amd64 Packages [17.0 kB]
   Fetched 286 kB in 2s (162 kB/s)      
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   All packages are up to date.

4. Install latest Java Runtime Environment.

   $ sudo apt install --assume-yes default-jre
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   The following additional packages will be installed:
     ca-certificates-java default-jre-headless fonts-dejavu-extra java-common
     libatk-wrapper-java libatk-wrapper-java-jni openjdk-11-jre
     openjdk-11-jre-headless
   Suggested packages:
     fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei
     | fonts-wqy-zenhei
   The following NEW packages will be installed:
     ca-certificates-java default-jre default-jre-headless fonts-dejavu-extra
     java-common libatk-wrapper-java libatk-wrapper-java-jni openjdk-11-jre
     openjdk-11-jre-headless
   0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
   Need to get 39.6 MB of archives.
   After this operation, 179 MB of additional disk space will be used.
   ##### snipped

5. Install logstash package.

   $ sudo apt install --assume-yes logstash
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   The following NEW packages will be installed:
     logstash
   0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
   Need to get 370 MB of archives.
   After this operation, 637 MB of additional disk space will be used.
   ##### snipped

6. Configure logstash as necessary.

   $ sudo vi /etc/logstash/logstash.yml

7. Configure logstash to automatically start during startup.

   $ sudo systemctl enable logstash
   Created symlink /etc/systemd/system/multi-user.target.wants/logstash.service → /etc/systemd/system/logstash.service.

8. Start logstash service.

    $ sudo systemctl start logstash