Logstash is a Java-based application where it requires Java Runtime Environment or JRE to also be installed for it to run. Both can be installed via apt though Logstash is not hosted in Ubuntu's or Debian's default apt repository.

Logstash requires manual addition of Elastic's repository to apt's. Elastic repository does not list JRE as a dependency to Logstash thus it needs to be installed separately.

Both Logstash and JRE can be installed using apt from the terminal.

Steps to install Logstash on Ubuntu or Debian:

  1. Add GPG key of ELK's repository.

    $ wget --quiet --output-document=- https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor | sudo tee /usr/share/keyrings/elasticsearch-archive-keyring.gpg [sudo] password for user:

  2. Add ELK repository to apt's repository list.

    $ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list deb https://artifacts.elastic.co/packages/7.x/apt stable main [sudo] password for user: deb https://artifacts.elastic.co/packages/7.x/apt stable main

  3. Update list of available packages from the newly added repository.

    $ sudo apt update [sudo] password for user:  Get:1 http://security.ubuntu.com/ubuntu hirsute-security InRelease [101 kB] Hit:2 http://archive.ubuntu.com/ubuntu hirsute InRelease                       Get:3 http://archive.ubuntu.com/ubuntu hirsute-updates InRelease [109 kB]      Hit:4 https://artifacts.elastic.co/packages/7.x/apt stable InRelease           Hit:5 http://archive.ubuntu.com/ubuntu hirsute-backports InRelease Get:6 http://archive.ubuntu.com/ubuntu hirsute-updates/main amd64 Packages [43.5 kB] Get:7 http://archive.ubuntu.com/ubuntu hirsute-updates/main i386 Packages [16.0 kB] Get:8 http://archive.ubuntu.com/ubuntu hirsute-updates/universe amd64 Packages [17.0 kB] Fetched 286 kB in 2s (162 kB/s)       Reading package lists... Done Building dependency tree... Done Reading state information... Done All packages are up to date.

  4. Install latest Java Runtime Environment.

    $ sudo apt install --assume-yes default-jre Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed:   ca-certificates-java default-jre-headless fonts-dejavu-extra java-common   libatk-wrapper-java libatk-wrapper-java-jni openjdk-11-jre   openjdk-11-jre-headless Suggested packages:   fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei   | fonts-wqy-zenhei The following NEW packages will be installed:   ca-certificates-java default-jre default-jre-headless fonts-dejavu-extra   java-common libatk-wrapper-java libatk-wrapper-java-jni openjdk-11-jre   openjdk-11-jre-headless 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. Need to get 39.6 MB of archives. After this operation, 179 MB of additional disk space will be used. ##### snipped

  5. Install logstash package.

    $ sudo apt install --assume-yes logstash Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed:   logstash 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 370 MB of archives. After this operation, 637 MB of additional disk space will be used. ##### snipped

  6. Configure logstash as necessary.

    $ sudo vi /etc/logstash/logstash.yml

  7. Configure logstash to automatically start during startup.

    $ sudo systemctl enable logstash Created symlink /etc/systemd/system/multi-user.target.wants/logstash.service → /etc/systemd/system/logstash.service.

  8. Start logstash service.

     $ sudo systemctl start logstash