Hello,
I'm VERY new to ELK and I wanted to confirm the order in which I need to deploy ELK.
So, I believe the main components are of course Elastic Search, Logstash and Kibana. I also wanted to add a buffer layer using Redis and here is where I get a little confused. Does the buffer layer come after file beat or after logstash? For example:
Option 1: File Beat > Redis > Logstash > Elasticsearch > Kibana
Option 2: File Beat > Logstash > Redis > Elasticsearch > Kibana
Option 3: File Beat > Logstash > Redis > Logstash > Elasticsearch > Kibana
I've seen multiple options and method and I know it depends on your environment but I just wanted to get a flow going and want to know which method would be the most basic one and grow from there. I was thinking option one and add a 3 host layer for Redis, Logstash and Elasticsearch one I got it working. Thank you for any and all help and suggestions.
Thank You