General architectural question re beats & ES

Hi all,

I'm going to have to monitor several remote domains consisting of Windows and Linux servers. I want to run beats on all of them. Is there a simple way of concentrating all beats output into one system inside such a domain and from there send it to a central network management system that runs ES and whatever else that would be needed?

Appreciate any hints.

Regards,
Robs

Usually, Elasticsearch or Kafka are the parts of the architecture which concatenate all Beats outputs into one system. There is no intermediate software between those elements.

It could be a solution to collect the Beats outputs in a Logstash instance running in the respective domain and forward the different queues from there to a central ES system.

That's just an idea of where to look. I'm not quite knowledgeable about whether every Beat you are running is able to go through a Logstash queue.

The filter section of the queue(s) would usually be empty:

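# Receive events from the Beats running in the local domain
input {
  beats {
    port => 5044   # the beats input requires a port; 5044 is the conventional one
  }
}
# No processing on the relay: events pass through unchanged
filter {}
# Forward everything to the central Elasticsearch system
output {
  elasticsearch {
  ...
  }
}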
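
A fuller relay pipeline for the per-domain Logstash described above, as an added example that is not part of the original posts. It authenticates and encrypts both hops, since the relay-to-central link leaves the domain. Hostnames, file paths, the `ES_API_KEY` variable and the `[labels][site]` field are assumptions, and the TLS option names are those of the Logstash 8.x plugin releases (older releases use `ssl`, `ssl_verify_mode` and `cacert` instead).

```logstash
# Relay pipeline for one remote domain (added example; all names are assumed).
input {
  beats {
    port => 5044
    # TLS on the Beats -> relay hop
    ssl_enabled => true
    ssl_certificate => "/etc/logstash/certs/relay.crt"
    ssl_key => "/etc/logstash/certs/relay.key"
    # Only Beats presenting a certificate issued by this CA may connect
    ssl_certificate_authorities => ["/etc/logstash/certs/domain-ca.crt"]
    ssl_client_authentication => "required"
  }
}

filter {
  # Tag every event with its originating domain so the central cluster
  # can tell the sites apart; otherwise the filter stage stays empty.
  mutate {
    add_field => { "[labels][site]" => "domain-a" }
  }
}

output {
  elasticsearch {
    hosts => ["https://es.central.example:9200"]
    # TLS on the relay -> central hop, verified against the central CA
    ssl_enabled => true
    ssl_certificate_authorities => ["/etc/logstash/certs/central-ca.crt"]
    # API key in "id:api_key" form, read from the Logstash keystore or the
    # environment; scope it to index writes only
    api_key => "${ES_API_KEY}"
    # Keep one index family per Beat type and version, as each Beat
    # would do when writing to Elasticsearch directly
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

On each server, the Beat's `output.logstash` section points at the relay's port 5044 with a matching client certificate, and its `output.elasticsearch` section is disabled.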
