There is a Mercurial repository here that you can clone with

hg clone http://hg.five-ten-sg.com/logstash
cd logstash
make srpm
make rpm

That should fetch the sources and build both source and binary rpms suitable for Centos6. Logstash includes bundled binary .jar versions of ElasticSearch, JRuby and others. Some of those dependencies have been unbundled into their own rpms.

Or you can pull a 40MB tarball from http://www.five-ten-sg.com/util/logstash.centos.tar.gz containing pre-built source rpms.

This now builds elasticsearch (0.90.5), GraphTastic-client, jruby (1.7.3), Kibana (3.0.0) , and logstash (1.2.1) rpms. The jruby rpm is only needed on systems like Centos6 that don't have their own native jruby rpm.

WARNING: the above build will remove your ~/.m2 directory. The elasticsearch build uses maven, which likes to cache copies of .jar files. I think that any "build from source" should not end up with output files dated weeks ago.

The logstash "agent --log $LOGFILE" does not properly handle the standard Centos6 logrotate - if the logfile is rotated away (renamed, eventually deleted) logstash does not seem to notice. So this rpm does not do logrotate on that file. That will be changed in a future version when logstash can handle it.

I think that a default rpm install followed by "service logstash start" should do something useful, but should not eventually fill the disk. This version is bundled with an index cleaner, so it only keeps $DAYS days of data.