If I am taking in data from Beats, do I need to go through Logstash to Elasticsearch, or can I go directly to Elasticsearch and then visualize it in Kibana? I am a bit confused as to how Logstash fits into Beats.
You could do both.
(a) beats => logstash (beats input) => elasticsearch
(b) beats => elasticsearch
In my opinion,
If you need to parse fields from your data, I think (a) is more flexible. However, you will have extra software in your pipeline.
For (b), you need an ingest pipeline, which you will construct using JSON syntax. If the pipeline becomes complex, you will have a hard time creating it.
Right now I am intaking syslog, but I can see this growing if it works well.
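Added example, not part of the original thread: what option (b) can look like for the syslog input mentioned above, written as the JSON body of an ingest pipeline (created with `PUT _ingest/pipeline/<name>`). The `syslog.*` field names and the line layout the grok pattern expects are assumptions; the `on_failure` handler keeps events that fail to parse, with the error recorded, instead of having them rejected at index time.

```json
{
  "description": "Constructed example: parse classic syslog lines shipped directly from Beats; field names are assumptions",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{SYSLOGTIMESTAMP:syslog.timestamp} %{SYSLOGHOST:syslog.hostname} %{DATA:syslog.program}(?:\\[%{POSINT:syslog.pid}\\])?: %{GREEDYDATA:syslog.message}"
        ]
      }
    },
    {
      "date": {
        "field": "syslog.timestamp",
        "formats": ["MMM  d HH:mm:ss", "MMM dd HH:mm:ss"],
        "target_field": "@timestamp"
      }
    },
    {
      "remove": {
        "field": "syslog.timestamp"
      }
    }
  ],
  "on_failure": [
    {
      "set": {
        "field": "error.message",
        "value": "{{ _ingest.on_failure_message }}"
      }
    }
  ]
}
```

Filebeat selects the pipeline through its `output.elasticsearch.pipeline` setting. In option (a) the same parsing would live in a Logstash `grok` and `date` filter between the `beats` input and the `elasticsearch` output.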