Hi Guys,
Since I am a novice would like to know if shipping logs from Linux system like apache/nginx filebeat would be better as compare to logstash? or I need to have logstash to injest the logs?
I believe I can directly ingest the logs in elasticsearch from filebeat, correct? Or which is mode advisable * from filebeat directly to elastcisearch
Logstash has more features than Filebeat. Whether Filebeat is good enough for you depends on your use case and what you want to do with your logs.
Agree well my use case is I need to collect logs from different networking devices like Cisco Router, Firewalls, Switches, Linux servers comprises of Apahce as well as nginx as reverse proxy server and Windows AD, File as well as desktops.
What do you suggest? logstatsh will help or filebeat/winlogbeat?
Assuming the networking gear logs via syslog to a Linux box on which you run Filebeat to ship the logs I suppose you could use Filebeat, but again, it depends on what you want to do with your logs. Do you want to enrich them somehow by adding extra fields? Are you unhappy with how the standard fields are named so that you want to rename them? I don't know because it's up to you. Evaluate both options or play safe and use Logstash (possibly together with Filebeat in the role of a lightweight shipper of logs to Logstash).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.