Hi, I've been reading a number of articles as I try to put a design together for log aggregation. My situation is that I have a relatively small (no huge traffic loads) distributed application. The overall app will be running Docker containers (2 running Spring Boot Java apps, one running Mongo, one RabbitMQ, and finally a small Python app). Oh, and I have a container running ELK (sebp/elk).
I've read myself into confusion as it pertains to deciding if I need Filebeat, Logstash, or both. Should I be reading the Docker logs or the individual services' logs? Before going down the wrong path, I wanted to get some advice.