Filebeat + Logstash + ElasticSearch

ryveradam · June 12, 2017, 10:05pm

Greetings fellow Logstashers. I am fairly new to Logstash. I am trying to implement Persisted Queues but I am having trouble understanding some stuff.

If my understand is accurate, I would have Logstash running on each instance with the "Beats" plugin installed and configured to push the data to the Logstash Persisted Queues instance. Is this correct?
Does anyone know if an example configuration for a host that is sending it's logs to the Logstash Persisted Queue instance?
Do I still have to run Logtash on the hosts I want to run Filebeat on to push the logs the Logstash Persisted Queue instance or can I just run Filebeat?
Does Lumberjack still have a place here? The Logstash Persisted Queue instance is running the latest version of Logstash with Lumberjack configured to listen on 5044.

Thank you!

andrewkroh · June 12, 2017, 10:20pm

The only thing you need to do special from a default setup is to enable the persistent queue feature in your Logstash config.

You could follow the Filebeat getting started guide. The basic architecture will be a Filebeat instance running on each host producing logs. One (or more) central instance(s) of Logstash that receives data from Filebeat using the beats input (not lumberjack). And an Elasticsearch cluster to receive the data from Logstash.

system · July 3, 2017, 10:05pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Filebeat + Logstash Persisted Queues + ElasticSearch Logstash	2	583	July 11, 2017
Are persistent queues needed with Filebeat? Logstash	3	2099	September 27, 2017
Does Packetbeat / Filebeat / Topbeat do store and forward? Beats	3	1417	July 5, 2017
Filebeat -> logstash -> elastic Logstash	6	376	December 20, 2021
Regarding Logstash Persistent Queus Logstash	1	259	June 22, 2018

Filebeat + Logstash + ElasticSearch

Related topics