I did configure the Elastic Stack (Logstash + Elastic search + Kibana ) with filebeat. So my question is I have multiple servers where I deployed my application instances (Microservices applications ). I want to capture logs from all the servers but for that I have to install filebeat in each server. Is it the correct understanding ? or Can we configure something like that single filebeat instance able to fetch logs from all the servers (Servers can be same network) and send logs over TCP or any protocol ?
filebeat tails log files, and forwards lines to Logstash or Elasticsearch. It's not recommended to use filebeat with network shares to collect logs from multiple servers (Network shares often introduce problems, like network loss, out of order 'commits' and other...). Alternatively to using filebeat, you can have your servers/applications directly send logs to Logstash (via TCP, HTTP, syslog, fluentd protocol, ...)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.