I am evaluating Elastic Cloud and the preferred usage pattern would be to send log data with Filebeat to Logstash in the Cloud so we would just need to worry about Filebeat being configured the right way.
In the documentation I just found two options:
So is our preferred way: Filebeat (local) to Logstash (Cloud) possible? Any pointers to documentation I missed are welcome.
Thanks in advance!
Carl
Elastic's cloud offering only has Kibana and Elasticsearch. You will still need to run your own Logstash instance if you definitely need it.
There's nothing wrong with running logstash on a publicly available IP address as long as you secure it properly.
To give you some insight into our setup, we have Filebeat pushing to Logstash which is running on the LAN, which then transforms data and drops unnecessary data, then forwards it to Elasticsearch which is running on Elastic Cloud.
We also have Metricbeat running on all of our hosts which is configured to send events directly to Elasticsearch. We made this descision because we didn't want our entire site to appear offline if logstash went down.
Thanks for your answer and your insight into your setup.
I you sure about logstash not being part of the offering?
I am asking because under "Management" in Kibana I can configure and deploy logstash pipelines.
This only allows you to deploy configuration to Logstash instances that are set up for central management. Same for Beats.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.