General architectural question re beats & ES


#1

Hi all,

I'm going to have to monitor several remote domains consisting of Windows and Linux servers. I want to run beats on all of them. Is there a simple way of concentrating all beats output into one system inside such a domain and from there send it to a central network management system that runs ES and whatever else that would be needed?

Appreciate any hints.

Regards,
Robs


(Noémi Ványi) #2

Usually, Elasticsearch or Kafka are the parts of the architecture which concatenate all Beats outputs into one system. There is no intermediate software between those elements.


(Alex Riemenschneider) #3

It could be a solution to collect the Beats outputs in a Logstash instance running in the respective domain and forward the different queues from there to a central ES system.

That's just an idea of where to look. I'm not quite knowledgeable about whether every Beat you are running is able to go through a Logstash queue.

The filter section of the queue(s) would be usually empty:

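input {
  beats {
    # "port" is a required setting of the beats input; 5044 is the conventional Beats port
    port => 5044
  }
}
# no processing on the relay: events are passed through unchanged
filter {}
output {
  elasticsearch {
  ...
  }
}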
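Added example, not part of the original posts: a fuller version of the per-domain Logstash relay described in #3, with the two network hops authenticated and encrypted, since the relay-to-central link leaves the domain. It assumes the option names of recent 8.x releases of the beats input and elasticsearch output plugins (older releases use `ssl`, `ssl_verify_mode` and `cacert`); the hostname, file paths, environment variable name and the `source_domain` field are placeholders.

```conf
# Per-domain Logstash relay: Beats in, central Elasticsearch out.
# Constructed example; hostname, paths and field names are placeholders.
input {
  beats {
    port => 5044
    # TLS on the listener so Beats traffic is encrypted inside the domain
    ssl_enabled => true
    ssl_certificate => "/etc/logstash/certs/relay.crt"
    ssl_key => "/etc/logstash/certs/relay.pkcs8.key"   # key must be PKCS#8
    # Mutual TLS: only Beats holding a certificate from this CA may connect
    ssl_certificate_authorities => ["/etc/logstash/certs/domain-ca.crt"]
    ssl_client_authentication => "required"
    # Tag every event with the domain it came from (hypothetical field name)
    add_field => { "source_domain" => "domain-a" }
  }
}
filter {}
output {
  elasticsearch {
    hosts => ["https://central-es.example.com:9200"]
    ssl_enabled => true
    # Verify the central cluster against its own CA, not the system trust store
    ssl_certificate_authorities => ["/etc/logstash/certs/central-ca.crt"]
    # One API key per relay, read from the environment or the Logstash keystore,
    # so a single domain's credential can be revoked on its own
    api_key => "${CENTRAL_ES_API_KEY}"
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

On the Beats side, each agent then points `output.logstash` at the relay on port 5044 with its client certificate, and only the relay needs a route to the central cluster.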
