Hi,
I am new in elk stack. Please someone help me.
We have 4 application running on apache server. Client don't want to use filebeat to push log individually to logstash as this will affect the performance of the application.
So, is there any alternate to process log file without filebeat?
Can we use syslog server and then forward the log to logstash?
Plz help
Yes.
I use syslog-ng to push out system and internal logs to Logstash from all of my servers.
Client don't want to use filebeat to push log individually to logstash as this will affect the performance of the application.
How so?
They worried that it will consume resources of production server which in turn affect their performance.
Well, sending things via syslog isn't completely without cost either and can actually be more problematic since you either have to send data via TCP, which could block your application and/or lose logs, or UDP, which obviously can lead to loss of logs.
Instead of worrying they should measure the impact and weigh the cost against not collecting logs.
I'd have to agree with Magnus.
The impact is very, very minimal regardless which option is chosen.
@magnusbaeck Thanks....
Finally they convinced 
Now we have one more issue.....
We are sending log from two different host using filebeat to logstash, but we are getting only one hostname in available field in kibana i.e. in our case we are sending log from root@server1 and root@server2. But we are getting only server1 in kibana and also in hostname.
Check the Filebeat logs on server2.
And does tcpdump show any incoming packets?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.