I see that this article is now marked as no longer recommended: https://www.elastic.co/blog/logging-elasticsearch-events-with-logstash-and-elasticsearch
What is it about the article which is now bad? Why would I prefer writing a log to file and the piping that to logstash using FileBeats rather than sending the data directly over TCP to logstash? What would be the advantage and why should we be now ignoring that article?
Cheers
Ari
I think I can answer my own question. The log4j input plugin for logstash is pretty much abandoned. https://github.com/logstash-plugins/logstash-input-log4j2
The old plugin works only for log4j 1.x which no-one would use these days for a new project. And the new plugin has had zero work done on it yet.
There was an old ticket and someone created a patch, but sadly after several years of neglect the patch is now 404. https://logstash.jira.com/browse/LOGSTASH-1578
One additional advantage of using filebeat is that it can connect to multiple logstash instances and do some load balancing.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.