Is it possible to make a Logstash cluster to increase its capacity in terms of log processing, transformation and forwarding?
I think we need this kind of setup for larger scale, because when we are correlating between multiple Elasticsearch indices in real time we need a strong processing system to compare each record with millions of available documents in the same place.
I would like your input and feedback on this topic as well. Please help me in this context to make a better choice for an enterprise workflow.
Logstash instances can't cluster in the same sense Elasticsearch can. Depending on your exact requirements and goals this may or may not be a limitation. It's not clear what kind of correlation you want to perform and how that should be implemented efficiently.
We are aware that we can build a cluster in Elasticsearch, but we require a cluster at the Logstash end. The reason is that all the processing is done in Logstash only; if it goes down, it is a single point of failure for us even though we have the Elasticsearch cluster.
Yeah, what if we are performing a lookup query for each record against millions of documents? In that case I need strong processing speed, so I am just looking for a solution for it.
If you send all inbound events to a message broker you can have multiple Logstash instances pulling from the queue set up in the broker. Then you get both horizontal scalability as well as fault-tolerance.
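
The broker layout described in the reply above, sketched as an added example that is not part of the original thread. It assumes Apache Kafka as the message broker (the thread does not name one); the broker hosts, topic, group name, Elasticsearch hosts and index pattern are constructed placeholders.

```logstash
# Constructed example: the same pipeline file is deployed on every Logstash node.
# Shippers write to the Kafka topic; the Logstash nodes compete for its partitions.
input {
  kafka {
    bootstrap_servers => "kafka1.example.internal:9092,kafka2.example.internal:9092"  # placeholder brokers
    topics            => ["raw-logs"]          # placeholder topic fed by the log shippers
    group_id          => "logstash-indexers"   # identical on all nodes, so they form one consumer group
    client_id         => "logstash-node-1"     # unique per node; change it on each instance
    consumer_threads  => 4                     # threads on this node pulling from the topic
    codec             => "json"
  }
}

filter {
  # The existing transformation and lookup filters go here, unchanged.
}

output {
  elasticsearch {
    hosts => ["https://es1.example.internal:9200", "https://es2.example.internal:9200"]  # placeholder cluster nodes
    index => "logs-%{+YYYY.MM.dd}"             # placeholder index pattern
  }
}
```

Because every node shares one `group_id`, Kafka assigns each partition to exactly one consumer thread and reassigns it to a surviving node if a Logstash instance stops, so events queue in the broker rather than being lost. The topic's partition count caps the useful parallelism: consumer threads beyond that number, summed across all nodes, sit idle.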