what is the best option to pull data? Read from a log file or Database? Best option in terms of Performance/latency/data accuracy.
a. If Database, then any drawback like extra overload on Application database? How frequently it reads?
b. If both the cases, what happens if Kibana goes down and need to load older log files or data? Will it be done automatic, in real time?
2) Can single Kibana instance handle multiple apps? Or should i go for separate Kibana instance per app. If single, then any performance degradation and can we control user access to specific application data?
what is the best option to pull data? Read from a log file or Database? Best option in terms of Performance/latency/data accuracy.
There is no single best option that's preferable under all circumstances. All methods have advantages and drawbacks.
a. If Database, then any drawback like extra overload on Application database? How frequently it reads?
Reading from the database obviously comes with a cost. You can choose how often to do the polling.
b. If both the cases, what happens if Kibana goes down and need to load older log files or data? Will it be done automatic, in real time?
Kibana is just the visualization layer. If either Logstash or Elasticsearch goes down you'll probably be okay, but it depends on how things are implemented. There will always be opportunities to screw things up.
Can single Kibana instance handle multiple apps?
Yes.
Or should i go for separate Kibana instance per app. If single, then any performance degradation and can we control user access to specific application data?
With the Shield product you get pretty granular access control.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
