Create Logstash Service

Hello All,

Im fresh off the boat with OpenSearch/Opensearch-Dashboards. I been running Graylog for some time now and have played around with Elk-Stack and OpenDistro for Elasticsearch.

I just finish a full installation with Opensearch/Dashboards-2.6.0 & Logstash on Ubuntu 20.0.4. This is not an issue but was looking for some opinions.

With my Google Foo, I could not find a way to have logstash as a service, well none I could find beside downloading it from Elastic web site.
For some reason, not sure :wink: , I was having issues. So I used Opensearch Documentation :+1: but it just showed a script to execute. As a n00b I was testing configuration to see what worked and this was a pain in my @$$, so i decided to look for a way to turn Logstash into a service. Hope this will help someone later on.

Make the service file.

root # vim /etc/systemd/system/logstash.service

Add the following to the file.

[Unit]
Description=logstash

[Service]
Type=simple
User=root
Group=root

# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.

EnvironmentFile=-/opt/logstash-8.6.1/
ExecStart=/opt/logstash-8.6.1/bin/logstash  -f  /opt/logstash-8.6.1/config/logstash.conf
WorkingDirectory=/opt/logstash-8.6.1/

Restart=always
Nice=19
LimitNOFILE=16384

# When stopping, how long to wait before giving up and sending SIGKILL?
# Keep in mind that SIGKILL on a process can cause data loss.
TimeoutStopSec=infinity

[Install]
WantedBy=multi-user.target

Execute:

sudo systemctl daemon-reload

sudo systemctl enable logstash

sudo systemctl start logstash

Results:

No issues but if anyone has a better idea/suggestion , im listen.

Thanks

For more security add user logstash and group logstash and use it into logstash and your service. Also change owner of /opt/logstash* to logstash:logstash

1 Like