A couple of ways to install Logstash is as a service on the cloud virtual machine, as well as deployed as a Docker container. For our example, let's deploy Logstash as a Docker container. Assuming the Docker engine in installed, we can pull it from the docker.elastic.co repository:
docker pull docker.elastic.co/logstash/logstash
You can execute the "docker image" command to verify the image was pulled. Before we create a container from this image, we'll create a configuration file.
It is possible to have multiple inputs on a single Logstash configuration file, but let us, for this example, have one configuration file per input.
port => 8080
hosts => ["10.0.0.41:9200"]
You may have noticed this configuration outputs to an Elasticsearch cluster as well as standard out. If you're curious, you can easily make a configuration for http input out of this file by changing the word 'tcp' to 'http.' Now that our configuration file is created, we're ready to start out container. When running the following Docker command, make sure you're in the same directory as the configuration file.
docker run -dit --name logstash-tcp --restart=always \
-p 8080:8080 -p 9600:9600 -v "$PWD":/config-dir \
-e http.host=127.0.0.1 logstash \
Give it some time to start up, and then check the logs to verify:
docker logs --tail 10