Best practices for on boarding ELK stack

rahul.dhammy · February 9, 2017, 6:08pm

Hi All
I am just trying to setup ELK with my windows based services. I am using log4net for my logs and want to use ELK stack for centralized log processing.
My question is what are the best practices for setting the ELK stack? To be more specific correct me for any of my understandings below

Elastic server be a central server and would not be on my application box.
Logstash would be central server and would not be on my application box.
Kibana would be a central server and would not be on my application box.
I will use filebeats on my application box to forward data to Logstash (so that logstash could massage the data)
The overall flow would be filebeats would ship my application logs -> Logstash-> elastic search -> Kibana

On same lines is it advisable to write logs directly to elastic using loig4net appender? I think there would be latency issues and other concerns here is such an approach.

warkolm · February 13, 2017, 8:46am

1-3 yes ideally.
3 yes.
5 Yes.

It can be done, but you do need to be aware of things like that. Or what happens if the agent cannot connect.

rahul.dhammy · February 13, 2017, 2:12pm

Thanks @warkolm

system · March 13, 2017, 2:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.