elastic · sbaas-hcs · Apr 9, 2026 · Apr 9, 2026 · Jun 16, 2026 · Jun 16, 2026
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.11.1"
+  changes:
+    - description: Added logstash-json to default, if log.format is changed https://www.elastic.co/docs/reference/logstash/logstash-settings-file. Adding processor, preserve_original_event and tag as option to logstash stream.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18316
 - version: "2.11.0"
   changes:
     - description: Update existing batch graphs with 50th and 90th percentiles during last minute. Replace average lifetime metric with last one minute, for both batch's byte size and value, to be coherent with the other graphed percentiles.. Note that these metrics will only show results for Logstash versions 9.4.0 or later.

@@ -15,6 +15,16 @@ processors:
     target: ''
     fields:
       ecs.version: 1.10.0
+{{#if processors}}
+{{processors}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+  - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}  
 {{#if condition}}
 condition: {{ condition }}
 {{/if}}
@@ -11,6 +11,30 @@ streams:
         show_user: true
         default:
           - /var/log/logstash/logstash-plain*.log
+          - /var/log/logstash/logstash-json*.log
+      - name: tags
+        type: text
+        title: Tags
+        multi: true
+        required: false
+        show_user: false
+        default:        
+      - name: processors
+        type: yaml
+        title: Processors
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: preserve_original_event
+        required: true
+        show_user: true
+        title: Preserve original event
+        description: Preserves a raw copy of the original event, added to the field `event.original`
+        type: bool
+        multi: false
+        default: false          
     template_path: log.yml.hbs
     title: Logstash logs
     description: Collect Logstash logs from standard files
@@ -11,6 +11,16 @@ processors:
     target: ''
     fields:
       ecs.version: 1.10.0
+{{#if processors}}
+{{processors}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+  - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}      
 {{#if condition}}
 condition: {{ condition }}
 {{/if}}
@@ -11,6 +11,30 @@ streams:
         show_user: true
         default:
           - /var/log/logstash/logstash-slowlog-plain*.log
+          - /var/log/logstash/logstash-slowlog-json*.log
+      - name: tags
+        type: text
+        title: Tags
+        multi: true
+        required: false
+        show_user: false
+        default:        
+      - name: processors
+        type: yaml
+        title: Processors
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: preserve_original_event
+        required: true
+        show_user: true
+        title: Preserve original event
+        description: Preserves a raw copy of the original event, added to the field `event.original`
+        type: bool
+        multi: false
+        default: false          
     template_path: log.yml.hbs
     title: Logstash slowlog logs
     description: Collect logstash slowlog logs using log input
@@ -1,6 +1,6 @@
 name: logstash
 title: Logstash
-version: 2.11.0
+version: 2.11.1
 description: Collect logs and metrics from Logstash with Elastic Agent.
 type: integration
 icons: