I need your help and opinions in my case.
I've got a request to install an ELK cluster in the following configuration:
3 x nodes for Elasticsearch; each node will be a master/data/ingest node, and Logstash will be installed on each node
1 x node with Kibana installed
I'm worried about installing Logstash on 3 nodes and about its configuration. Maybe I'm wrong and this is a typical or standard installation, but I've reviewed a few example 3-node configurations and Logstash was always installed on only 1 node.
What do you think about this idea for an ELK cluster?
Could you tell me how to configure Logstash in this case, please?
Where you install Logstash or other log/metric collecting agents depends on what you want to collect and how you'd like to parse the data.
If your purpose is to collect logs/metrics from all nodes, you should have a Logstash instance installed on each node.
If your purpose is to collect logs/metrics from another agent like Filebeat or Metricbeat, you can have a single Logstash instance which receives data from Filebeat and sends it to Elasticsearch.
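A pipeline sketch for the layout in the question, added here as an example and not taken from either post: the same file would sit on each Logstash node, accept events from Beats agents, and write to all three Elasticsearch nodes. The hostnames, the `logstash_writer` user, the `LOGSTASH_ES_PASSWORD` variable and the file path are assumptions.

```logstash
# Constructed example pipeline, e.g. /etc/logstash/conf.d/beats.conf (path assumed).
# Identical on every Logstash node in the cluster.

input {
  beats {
    # Port that Filebeat/Metricbeat agents ship events to.
    port => 5044
  }
}

output {
  elasticsearch {
    # List all three Elasticsearch nodes: the output load-balances requests
    # across them and keeps indexing if one node is unavailable.
    # Hostnames are placeholders.
    hosts => [
      "https://es-node1.example.internal:9200",
      "https://es-node2.example.internal:9200",
      "https://es-node3.example.internal:9200"
    ]
    # Dedicated account limited to writing log indices (assumed name),
    # with the secret read from the environment or the Logstash keystore
    # instead of being stored in the pipeline file.
    user     => "logstash_writer"
    password => "${LOGSTASH_ES_PASSWORD}"
  }
}
```

With Logstash on all three nodes, each Beats agent can list the three Logstash endpoints in its own output settings, so losing one node does not interrupt log shipping.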