ELK Stack for production

Hi All,

I have been reading and learning about the ELK Stack, and I am stuck on the following:

For a production environment, is it better to have separate VMs for Elasticsearch, Logstash, Kibana and Filebeat using rpm installation?

Or to use separate VMs for Elasticsearch, Logstash, Kibana and Filebeat using docker-compose installation, each component alone?

I believe having the whole stack in one VM is not a production option.

What I really need to know is why to use docker-compose over rpm in case, after all, each component will be on a dedicated host. Please help.

Thanks,
Mai

Hi Mai

I suggest separate VMs. For Elasticsearch you can have a dedicated VM, and you can combine Kibana and Logstash.

And Filebeat will be on your machine where your log files are located.

Regards
Dilip


I agree that it is best to separate them because if you have to scale your cluster later it will be helpful. I also personally recommend putting nginx or Apache in front of Kibana and proxy passing 80 -> 443 -> whatever internal port and IP you use for Kibana to make it easier for your users to just type the URL in their browser. This also allows you to use htaccess (although htaccess is unnecessary now for logins since they added users and roles to the basic license recently) and set up SSL in nginx or Apache. Doing so also gives you an opportunity to try out all the Beats on your Kibana box, so you can enable Metricbeat and Filebeat modules for Apache to see the dashboards.

Welcome to the community!

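The 80 -> 443 -> Kibana layout described in the reply above, written out as an nginx configuration. This is an added example, not part of the original thread. It assumes nginx runs on the Kibana host and Kibana listens on its default port 5601 on loopback; the hostname and certificate paths are placeholders.

```nginx
# Added example. kibana.example.internal and the /etc/nginx/tls/ paths are
# placeholders; replace them with your own hostname and certificate files.

# Port 80 serves no content; it only redirects to HTTPS.
server {
    listen 80;
    server_name kibana.example.internal;
    # Redirect to the configured name rather than the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}

# Port 443 terminates TLS and forwards to Kibana.
server {
    listen 443 ssl;
    server_name kibana.example.internal;

    ssl_certificate     /etc/nginx/tls/kibana.example.internal.crt;
    ssl_certificate_key /etc/nginx/tls/kibana.example.internal.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumption: kibana.yml sets server.host to "127.0.0.1", so Kibana
        # is not reachable from the network except through this proxy.
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;

        # Pass the original request details through to Kibana.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Logins are left to Kibana's own users and roles, as the reply notes, so no htaccess-style authentication is configured at the proxy.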