Architecture centralisation logs

icirco · April 30, 2019, 2:18pm

hello,

What is the best practice to load logs data in elasticsearch when you have more than 200 servers ?
I think I have 2 choices for my architecture :

output {
elasticsearch {
hosts => ["hostname:9200"]
index => "${INDEX}"
}
}

I use a broker like kafka to routing all messages to elasticsearch. All logstash conf send data in the kafka broker

advantages and disadvantages for these solutions ?

system · May 28, 2019, 2:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Recommended ELK architecture for production? Elasticsearch	15	12166	July 5, 2017
Best configuration for analysing multiple servers Elasticsearch	6	3920	July 6, 2017
Need help with Kafka and Logstash with elastic Search cluster Logstash	4	336	June 7, 2019
Best practice for shipping logs from large amount of clients using logstash Logstash	4	551	August 28, 2020
Elasticsearch logstash output plugin production configuration Logstash	2	1073	July 6, 2017