3 nodes of Elastic will be in private datacenter and our customer's logs will send by VPN.
The question: I don't know how to forward data from customer side to my cluster.
Should I use Logstash with Beats?
My colleague says that we can use Elastic Agents and it will be much easier... but I didn't find any information about what is better or right to use...
It really depends on what you're trying to accomplish depending on The specifics of your use case.
Both are valid approaches.
But in short, if you're just getting started, I would recommend
starting with the Elastic Agent.
Elastic agent has some nice features such as being able to upgrade from a central console, hundreds of out of the box integrations and it's the way elastic is moving forward in the future.
It also includes elastic defend which is the endpoint security capabilities If you choose to configure that.
Here is a bit of a comparison.
Get started and come back with detailed questions.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.