Best practice on data ingestion methods

Boemo2023 · October 26, 2022, 8:28am

I currently have a self managed elasticsearch cluster that up until now I have just been feeding with data via HTTP POSTs (to port 9200) to specific indexes from various servers.

I'm now in the process of setting up beats and Logstash which will provide new/better pipelines.

I just wondered what the general best practices are around just feeding data into elasticsearch via direct HTTP POSTs? Is this something that shouldn't be used in production, or is it something that has legitimate use cases? I'm considering whether to keep it as an option or move away from it completely.

When I research ingest methods of course people talk about beats, Logstash and API clients but I don't see much discussion about direct HTTP POSTs.

warkolm · October 31, 2022, 2:24am

Welcome to our community!

I would probably look at using more ingest pipelines in Elasticsearch over Logstash. If you take that route you can then use coordinating nodes to reduce any direct pressure on data nodes in your cluster.

system · November 28, 2022, 2:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch Ingest Pipeline to Logstash Elasticsearch	3	378	August 7, 2020
Logstash or straight? Beats metricbeat	3	249	December 11, 2020
Regarding Ingest Node Pipeline Kibana	10	221	January 11, 2023
Best practice for Logging with Filebeat Beats	5	1836	June 8, 2018
Are Elastic Beats capable enough to ingest data into Splunk? Beats beats-module , filebeat , packetbeat , heartbeat , auditbeat	3	2384	October 20, 2021

Best practice on data ingestion methods

Related Topics