Hello,
What is the best practice to load log data into Elasticsearch when you have more than 200 servers?
I think I have 2 choices for my architecture:
- On each server, I configure the Elasticsearch host in my Logstash conf:
    output {
      elasticsearch {
        hosts => ["hostname:9200"]
        index => "${INDEX}"
      }
    }
- I use a broker like Kafka to route all messages to Elasticsearch. All Logstash confs send data to the Kafka broker.

Advantages and disadvantages of these solutions?