From e62ff588b1674b2a31a9553f6e83b5e76cebda72 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Thu, 9 Apr 2026 16:19:49 +0200
Subject: [PATCH 1/5] Adding processor, preserve_original_event and tag as
 option to logstash stream

---
 packages/logstash/changelog.yml               | 10 ++++++++
 .../data_stream/log/agent/stream/log.yml.hbs  | 10 ++++++++
 .../logstash/data_stream/log/manifest.yml     | 24 +++++++++++++++++++
 .../slowlog/agent/stream/log.yml.hbs          | 10 ++++++++
 .../logstash/data_stream/slowlog/manifest.yml | 24 +++++++++++++++++++
 5 files changed, 78 insertions(+)

diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml
index dce44336f11..887be56e294 100644
--- a/packages/logstash/changelog.yml
+++ b/packages/logstash/changelog.yml
@@ -1,4 +1,14 @@
 # newer versions go on top
+- version: "2.10.3"
+  changes:
+    - description: Adding processor, preserve_original_event and tag as option to logstash stream.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/xxxxx
+- version: "2.10.2"
+  changes:
+    - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/xxxxx
 - version: "2.10.1"
   changes:
     - description: Fixes navigation of batch metrics when the integration is used to monitor an older version of Logstash that doesn't expose.
diff --git a/packages/logstash/data_stream/log/agent/stream/log.yml.hbs b/packages/logstash/data_stream/log/agent/stream/log.yml.hbs
index 5d4c37df1ce..7b9e55094ca 100644
--- a/packages/logstash/data_stream/log/agent/stream/log.yml.hbs
+++ b/packages/logstash/data_stream/log/agent/stream/log.yml.hbs
@@ -15,6 +15,16 @@ processors:
     target: ''
     fields:
       ecs.version: 1.10.0
+{{#if processors}}
+{{processors}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+  - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}  
 {{#if condition}}
 condition: {{ condition }}
 {{/if}}
diff --git a/packages/logstash/data_stream/log/manifest.yml b/packages/logstash/data_stream/log/manifest.yml
index db998376e05..5a0d59b318e 100644
--- a/packages/logstash/data_stream/log/manifest.yml
+++ b/packages/logstash/data_stream/log/manifest.yml
@@ -11,6 +11,30 @@ streams:
         show_user: true
         default:
           - /var/log/logstash/logstash-plain*.log
+          - /var/log/logstash/logstash-json*.log
+      - name: tags
+        type: text
+        title: Tags
+        multi: true
+        required: false
+        show_user: false
+        default:        
+      - name: processors
+        type: yaml
+        title: Processors
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: preserve_original_event
+        required: true
+        show_user: true
+        title: Preserve original event
+        description: Preserves a raw copy of the original event, added to the field `event.original`
+        type: bool
+        multi: false
+        default: false          
     template_path: log.yml.hbs
     title: Logstash logs
     description: Collect Logstash logs from standard files
diff --git a/packages/logstash/data_stream/slowlog/agent/stream/log.yml.hbs b/packages/logstash/data_stream/slowlog/agent/stream/log.yml.hbs
index 5cf49c2f446..fb7fb642d9e 100644
--- a/packages/logstash/data_stream/slowlog/agent/stream/log.yml.hbs
+++ b/packages/logstash/data_stream/slowlog/agent/stream/log.yml.hbs
@@ -11,6 +11,16 @@ processors:
     target: ''
     fields:
       ecs.version: 1.10.0
+{{#if processors}}
+{{processors}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+  - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}      
 {{#if condition}}
 condition: {{ condition }}
 {{/if}}
diff --git a/packages/logstash/data_stream/slowlog/manifest.yml b/packages/logstash/data_stream/slowlog/manifest.yml
index b87be24942f..356258c8267 100644
--- a/packages/logstash/data_stream/slowlog/manifest.yml
+++ b/packages/logstash/data_stream/slowlog/manifest.yml
@@ -11,6 +11,30 @@ streams:
         show_user: true
         default:
           - /var/log/logstash/logstash-slowlog-plain*.log
+          - /var/log/logstash/logstash-slowlog-json*.log
+      - name: tags
+        type: text
+        title: Tags
+        multi: true
+        required: false
+        show_user: false
+        default:        
+      - name: processors
+        type: yaml
+        title: Processors
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: preserve_original_event
+        required: true
+        show_user: true
+        title: Preserve original event
+        description: Preserves a raw copy of the original event, added to the field `event.original`
+        type: bool
+        multi: false
+        default: false          
     template_path: log.yml.hbs
     title: Logstash slowlog logs
     description: Collect logstash slowlog logs using log input

From ad3dac5dcf0d3053e9359b8e5e9b021c57a1a6c2 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Thu, 9 Apr 2026 17:40:40 +0200
Subject: [PATCH 2/5] Updated changelog/manifest

---
 packages/logstash/changelog.yml | 4 ++--
 packages/logstash/manifest.yml  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml
index 887be56e294..58aabd258d1 100644
--- a/packages/logstash/changelog.yml
+++ b/packages/logstash/changelog.yml
@@ -3,12 +3,12 @@
   changes:
     - description: Adding processor, preserve_original_event and tag as option to logstash stream.
       type: enhancement
-      link: https://github.com/elastic/integrations/pull/xxxxx
+      link: https://github.com/elastic/integrations/pull/18316
 - version: "2.10.2"
   changes:
     - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file.
       type: enhancement
-      link: https://github.com/elastic/integrations/pull/xxxxx
+      link: https://github.com/elastic/integrations/pull/18316
 - version: "2.10.1"
   changes:
     - description: Fixes navigation of batch metrics when the integration is used to monitor an older version of Logstash that doesn't expose.
diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml
index efb3f289c10..e9d5835ad7f 100644
--- a/packages/logstash/manifest.yml
+++ b/packages/logstash/manifest.yml
@@ -1,6 +1,6 @@
 name: logstash
 title: Logstash
-version: 2.10.1
+version: 2.10.3
 description: Collect logs and metrics from Logstash with Elastic Agent.
 type: integration
 icons:

From 8d9fdbbf6e942116249e63fda344ea919fe4e389 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:28:30 +0200
Subject: [PATCH 3/5] Update changelog.yml

---
 packages/logstash/changelog.yml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml
index 58aabd258d1..1c48c8dc364 100644
--- a/packages/logstash/changelog.yml
+++ b/packages/logstash/changelog.yml
@@ -1,12 +1,7 @@
 # newer versions go on top
-- version: "2.10.3"
-  changes:
-    - description: Adding processor, preserve_original_event and tag as option to logstash stream.
-      type: enhancement
-      link: https://github.com/elastic/integrations/pull/18316
 - version: "2.10.2"
   changes:
-    - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file.
+    - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file. Adding processor, preserve_original_event and tag as option to logstash stream.
       type: enhancement
       link: https://github.com/elastic/integrations/pull/18316
 - version: "2.10.1"

From eddbd6c4a982a2dd6ad48ba992d69b0fed82d82c Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:28:57 +0200
Subject: [PATCH 4/5] Update manifest.yml

---
 packages/logstash/manifest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml
index e9d5835ad7f..f0532936b5e 100644
--- a/packages/logstash/manifest.yml
+++ b/packages/logstash/manifest.yml
@@ -1,6 +1,6 @@
 name: logstash
 title: Logstash
-version: 2.10.3
+version: 2.10.2
 description: Collect logs and metrics from Logstash with Elastic Agent.
 type: integration
 icons:

From 5ebdafdcb456263955377e086106bb2c04da212f Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:35:23 +0200
Subject: [PATCH 5/5] Added information to 2.11.1 changelog

---
 packages/logstash/changelog.yml | 5 +++++
 packages/logstash/manifest.yml  | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml
index 632cf76e0e6..089f63d397c 100644
--- a/packages/logstash/changelog.yml
+++ b/packages/logstash/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.11.1"
+  changes:
+    - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file. Adding processor, preserve_original_event and tag as option to logstash stream.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18316
 - version: "2.11.0"
   changes:
     - description: Update existing batch graphs with 50th and 90th percentiles during last minute. Replace average lifetime metric with last one minute, for both batch's byte size and value, to be coherent with the other graphed percentiles.. Note that these metrics will only show results for Logstash versions 9.4.0 or later.
diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml
index 59ca72a635e..826be779984 100644
--- a/packages/logstash/manifest.yml
+++ b/packages/logstash/manifest.yml
@@ -1,6 +1,6 @@
 name: logstash
 title: Logstash
-version: 2.11.0
+version: 2.11.1
 description: Collect logs and metrics from Logstash with Elastic Agent.
 type: integration
 icons: