Hi all. We're looking to start using the Elastic Stack in our systems, and while I've messed around with it personally in the past and know all of the basic concepts and ideas, the one sticking point right now is Logstash, specifically with regard to OS choice. Normally, all of our servers are built with Windows, though we have a few Linux boxes specifically by stipulation of one of our vendors. Getting new Linux boxes approved is like herding nip-crazed cats in a bird sanctuary. I know from the support matrix that Logstash is officially supported on Windows Server 2012 R2 (which is our preferred OS), but I can't seem to find any recent documentation anywhere about how to get it to run on there, at least without using NSSM. NSSM is a handy tool, but we're unfortunately a risk-averse enterprise, so an obscure open-source tool has as much chance of getting approved for a Production server as Hillary giving Trump a hug.
We really only need to use Logstash for the applications running on our Linux boxes, though. We have 18 such servers that all have pretty high throughput (roughly a quarter-million real-time transactions per day per server). What should an ideal Logstash deployment look like for this? Should we put an instance of it on each Linux server, since running it on Linux is obviously more openly supported than Windows? Is there a source of Windows documentation out there somewhere whereby we could set up and run a dedicated Logstash server? Any other thoughts?
Thanks in advance for any advice y'all can offer.