Greetings fellow Logstashers. I am fairly new to Logstash. I am trying to implement Persisted Queues but I am having trouble understanding some stuff.
If my understand is accurate, I would have Logstash running on each instance with the "Beats" plugin installed and configured to push the data to the Logstash Persisted Queues instance. Is this correct?
Does anyone know if an example configuration for a host that is sending it's logs to the Logstash Persisted Queue instance?
Do I still have to run Logtash on the hosts I want to run Filebeat on to push the logs the Logstash Persisted Queue instance or can I just run Filebeat?
Does Lumberjack still have a place here? The Logstash Persisted Queue instance is running the latest version of Logstash with Lumberjack configured to listen on 5044.
If my understand is accurate, I would have Logstash running on each instance with the "Beats" plugin installed and configured to push the data to the Logstash Persisted Queues instance. Is this correct?
What's the point of having a separate instance with a persisted queue? What's the overall architecture and the motivation behind it?
Do I still have to run Logtash on the hosts I want to run Filebeat on to push the logs the Logstash Persisted Queue instance or can I just run Filebeat?
The point of Filebeat is to be a lightweight shipper of log files, so having to also run Logstash on the same host would be rather pointless. So yes, have Filebeat ship directly to one or more Logstash instances.
Does Lumberjack still have a place here? The Logstash Persisted Queue instance is running the latest version of Logstash with Lumberjack configured to listen on 5044.
Until there's a beats output for Logstash it's still useful to use the lumberjack input/output plugins for Logstash-to-Logstash communications.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.