Best practice on data ingestion methods

Boemo2023 · October 26, 2022, 8:28am

I currently have a self managed elasticsearch cluster that up until now I have just been feeding with data via HTTP POSTs (to port 9200) to specific indexes from various servers.

I'm now in the process of setting up beats and Logstash which will provide new/better pipelines.

I just wondered what the general best practices are around just feeding data into elasticsearch via direct HTTP POSTs? Is this something that shouldn't be used in production, or is it something that has legitimate use cases? I'm considering whether to keep it as an option or move away from it completely.

When I research ingest methods of course people talk about beats, Logstash and API clients but I don't see much discussion about direct HTTP POSTs.

warkolm · October 31, 2022, 2:24am

Welcome to our community!

I would probably look at using more ingest pipelines in Elasticsearch over Logstash. If you take that route you can then use coordinating nodes to reduce any direct pressure on data nodes in your cluster.

system · November 28, 2022, 2:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch with log data and elastic stack Elasticsearch	8	437	June 1, 2018
Elasticsearch Ingest Pipeline to Logstash Elasticsearch	3	378	August 7, 2020
Logstash and Elasticsearch Ingest Node Logstash	1	286	September 17, 2019
Logstash or straight? Beats metricbeat	3	249	December 11, 2020
Regarding Ingest Node Pipeline Kibana	10	221	January 11, 2023

Best practice on data ingestion methods

Related topics