Fast and simple way to process logs with Logstash
Here is a small article, just to show how easy and efficient it is to work with Logstash. For this tutorial, all you will need is Docker. You will find the source code for the tutorial on my Github repository.
The idea behind this tutorial is simply to parse Nginx logs, process them, and store them in Elasticsearch so that we can visualize them with Kibana. This is what we call an ELK stack.
Beyond fetching data, the true power of Logstash lies in processing it. With Logstash it is possible to parse the log file, assign keys to the parsed values, and transform those values (remove a key from the event, convert a value's type, or turn an IP address into a geolocation, for instance).
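To make the parse, set-keys, convert and IP-to-geolocation steps concrete, here is an added Logstash pipeline for Nginx "combined" access logs (example config written for this article, not the tutorial repository's own). The input path, the Docker service name `elasticsearch`, the index name and the file path for unparsed lines are assumptions; the `geoip` filter relies on the GeoLite2 database bundled with recent Logstash releases.

```conf
# Constructed sample line this pipeline is written against:
# 203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"

input {
  file {
    path => "/var/log/nginx/access.log"   # assumed mount point inside the container
    start_position => "beginning"
  }
}

filter {
  # Parse the raw line into named keys (no reliance on a bundled NGINX pattern).
  grok {
    match => {
      "message" => '%{IPORHOST:clientip} - %{DATA:remote_user} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"'
    }
  }

  # Only transform events that actually parsed; failures keep the raw message
  # and the "_grokparsefailure" tag so nothing is silently dropped.
  if "_grokparsefailure" not in [tags] {
    # Use the request time from the log as the event time, not ingestion time.
    date { match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] }

    # Convert numeric strings so Kibana can aggregate on them, drop redundant keys.
    mutate {
      convert      => { "response" => "integer" "bytes" => "integer" }
      remove_field => ["message", "timestamp"]
    }

    # Enrich the client IP with country / city / coordinates.
    geoip { source => "clientip" target => "geoip" }

    # Split the user-agent string into browser / OS fields.
    useragent { source => "agent" target => "ua" }
  }
}

output {
  if "_grokparsefailure" in [tags] {
    file { path => "/var/log/logstash/nginx-unparsed.log" }   # assumed path
  } else {
    elasticsearch {
      hosts => ["elasticsearch:9200"]          # assumed Docker service name
      index => "nginx-%{+YYYY.MM.dd}"
    }
  }
}
```

Run it with `logstash -f <this file>` inside the Logstash container; the unparsed-lines file is worth watching, since a silently changed Nginx `log_format` shows up there first.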