Because I was running into problems with Logstash environment variables, I wanted to shortly document my experience and reference the file that is used when you are running Logstash as systemd service in Linux systems.

A month ago I did not even know what environment variables were, but I needed something like variables for my Logstash filter needs. As I tried to collect data from an HTTP API endpoint that is updated each day, I wanted to configure Logstash to pick up only the new data. For this, I found that we can use environment variables including date variables in Linux systems.

For example:

echo $(date '+%Y%m%d')
20210819

However, when running Logstash through systemd this won’t work as it sources two files; /etc/default/logstash and /etc/sysconfig/logstash. This is also discussed in the following GitHub issue: https://github.com/elastic/logstash/issues/9007.

As I continued my tests, I accidently deleted all the entries in the /etc/default/logstash file. Documentation for how to deal with environment variables using systemd is missing from the Elastic website unfortunately, nor could I find the reference files anywhere online. I spun up a new Logstash instance elsewhere and copied the file contents from there to fix my working installation.

For anyone’s convenvience, here is the /etc/default/logstash file:

LS_HOME="/usr/share/logstash"
LS_SETTINGS_DIR="/etc/logstash"
LS_PIDFILE="/var/run/logstash.pid"
LS_USER="logstash"
LS_GROUP="logstash"
LS_GC_LOG_FILE="/var/log/logstash/gc.log"
LS_OPEN_FILES="16384"
LS_NICE="19"
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"

The file /etc/sysconfig/logstash does not seems to exist, although it is referenced in the systemd config file. For your reference, that one can be found in the in /etc/systemd/system/logstash.service and looks like this:

[Unit]
Description=logstash

[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384

# When stopping, how long to wait before giving up and sending SIGKILL?
# Keep in mind that SIGKILL on a process can cause data loss.
TimeoutStopSec=infinity

[Install]
WantedBy=multi-user.target

That was a pretty quick writeup of my experience with starting up Logstash as systemd service including environment variables. I may add more to this post as I get to know more, but I still have a long way to go to learn about Linux as I started my Elastic and Linux learning journey just last October (2020).