At work we do log parsing and shipping using logstash. Logstash has been working great and it’s been stable for us but testing the pipelines has been a bit of a hurdle, especially for people that’s not so well versed with Linux.

To solve this issue I decided to try to develop a tool for testing pipelines. In order for the project to be successful the following criterias had to be met.

  • The tool had to support any client platform, be it Windows, Linux or Macintosh
  • It had to be easy to use without knowing Linux commands
  • The interface should give direct results from the Logstash output section

The result ended up in a combination of a UI built with NodeJs and Logstash using Docker.

Before you start

Please note that this tools is here to test the filter section of a pipeline.

  • The script natively supports tcp/udp + syslog inputs
  • If you want to other types of input you need to send the data directly to logstash and also expose the corresponding port
  • Each output section needs to be defined as stated below

How to start

  1. If needed, install docker on your machine
  2. Clone the repository on GitHub.
  3. Copy your pipeline folder to logstash/logstash-config/pipeline
  4. Replace the output section in each pipeline with the tools predefined output:
    output {
    http {
        format => "json"
        http_method => "post"
        url => "http://pipeline-ui:8080/api/v1/receiveLogstashOutput"
    }
}
  5. Enter the repository directory
  6. Run docker-compose build
  7. Run docker-compose up
  8. Open up http://localhost:8080 in your browser to access the interface
  9. It will directly attempt to connect to the backend and logstash. Wait until both status buttons are green before starting to send data.

IMPORTANT – Depending on docker host you might get the question if you want to share your drive with the docker service. If you get this message, share your drive, stop the containers and run docker-compose up again.

Adding pipelines

There are two ways, either modify the existing pipelines or follow thes following steps.

  1. Modify logstash-config/pipelines.yml
# Example covers the creation of a pipeline called mypipeline
- pipeline.id: generic-json
  path.config: "/usr/share/logstash/pipeline/mypipeline"
  1. Then create a directory in logstash-config/pipeline called mypipeline
  2. Copy your logstash config to logstash-config/pipeline/mypipeline
  3. Last but not least, restart the containers using docker-compose up

Modifying pipelines

Since the logstash pipeline directory is mounted in the containers logstash should detect file changes and reload the pipeline. If this does not happen for some reason you need to restart the containers.

Troubleshooting

Check the docker-compose window for any exceptions thrown.

Reporting issues

First, please check if there’s any current issues that matches your problem. If not, please feel free to submit an issue here at Github.

I have very limited time so I won’t be able to act fast on any issue but it’s always good to have it logged and who knows, maybe someone else will pick it up and make a PR.

Application flow diagram

Screenshot from the application

Code available here

https://github.com/epacke/logstash-pipeline-tester

Leave a Reply

Your email address will not be published. Required fields are marked *