Hi,
I'm new here and already read a lot about ELK but can't understand this.
What is the best way to read file logs, extract some fields, and send to Elastic search,
is the performance better when Filebeat's sending to Logstash for extracting fields,
compared to when
using Logstash file inputs directly, and then same filters for extracting fields ?
I see people complaining about logstash performance, but I can't really get rid of it when I need structured data (fields extracted from message) right ? so do I even need Filebeat in addition to LS (performance wise) ?
Thanks.
EDIT: Ok, I've just discovered Ingest Node which seems to be exactly what I was looking for. Will continue to look more into it.