Common Practice - Logstash or Directly to Elasticsearch

Hello all,
Is it common practice to send Metricbeat data and/or Winlogbeat data through Logstash or directly to Elasticsearch?

I've noticed in the Kibana UI that when I pipe Metricbeat through Logstash, the Beats monitoring does not populate in Kibana monitoring and is monitored in Logstash monitoring instead. I am curious which is more practical? I currently don't have any filtering needs for either app.

Hello @cmcdowell03

Sending to Logstash or Elasticsearch directly are both fine setups.

But the out-of-the-box experience is better with Metricbeat talking directly to Elasticsearch: the beat will take care of everything for you, configuring the templates and pushing the Kibana dashboard. When you add Logstash, you have to do a few more manual steps to have the same experience. We are working to improve that.

But if you don't need to do any filtering, I would configure Metricbeat to send the data directly to Elasticsearch.

Also, sometimes it makes sense to add Logstash in between and use queues if your Elasticsearch cluster cannot handle the load that you have.
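
The two setups discussed in this thread, as an added configuration example that is not part of either post: host names are placeholders, and the `setup` flag names assume a recent Metricbeat release (older releases use `--template` instead of `--index-management`).

```yaml
# metricbeat.yml (constructed example; all host names are placeholders).
# Only one output may be enabled at a time.

# --- Option A: ship directly to Elasticsearch ---
# With this output enabled, Metricbeat loads its own index template on
# startup and can push the bundled dashboards to Kibana.
output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]
setup.kibana:
  host: "https://kibana.example.internal:5601"
setup.dashboards.enabled: true

# --- Option B: ship through Logstash ---
# Comment out Option A above and enable this block instead. Logstash needs
# a beats input listening on the port used here and its own elasticsearch
# output.
#output.logstash:
#  hosts: ["logstash.example.internal:5044"]
#
# The template and dashboards are no longer loaded automatically with this
# output. Load them once by hand from a host that can reach Elasticsearch
# and Kibana, temporarily overriding the output on the command line:
#
#   metricbeat setup --index-management --dashboards \
#     -E output.logstash.enabled=false \
#     -E 'output.elasticsearch.hosts=["https://es.example.internal:9200"]' \
#     -E setup.kibana.host=https://kibana.example.internal:5601
```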
