I am looking into using Filebeat with Logstash. Installing Filebeat on each client server is not scalable if the number goes high and at one time the Filebeat agents need version upgrades.
Thus, I am looking into using a centralized syslog server per application cluster, and all nodes push their logs to this syslog server, where Filebeat is installed.
Then can Filebeat filter only application logs in the log, before pushing it to Logstash?
What is the right approach using Filebeat, or alternative approaches, for a scalable log collection system?
It seems in your use case you don't need Filebeat, as you already have all the data in syslog and can directly send all the messages to Logstash via syslog. Filebeat is useful when you have your logs in file format and want to fetch the data from there. Also, there are lots of additional features in FB that can be useful, but if the above is all you need, Syslog -> seems like the solution you are looking for.
Thx. g8.. But then syslog with Logstash will not support backpressure, and if Logstash is down, what happens to the applications that are trying to push their logs to Logstash directly with syslog?
Those are some of the advantages you have with Filebeat. If you need these features, I would recommend you write all your logs to file on each server and let Filebeat pick them up there.