Help with architecture

We have moved to a distributed Linux/Apache Tomcat environment, and the
logs [apache, tomcat, applications, sys, etc.] are killing me. We keep
talking about centralized logging, but it doesn't seem like an easy task. I've
been reading the docs on ELK, and I like what I see. What I'm still not
seeing is the overall architecture in a distributed system. So I have a
Logstash process on each of my server nodes? Then each of those nodes
parses and reports back to a centralized Elasticsearch engine? Is there any
documentation that anyone could point me to, to get a better understanding?

So that is question 1. The second question is that we visualized a copy of
our production in our test environment. How can I keep the events separate
from our production and test environments?

Any help would be greatly appreciated.

Thanks,
Josh

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/54489f93-97e1-4db4-8254-762df46e5d0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

There's heaps of good docs;

If you want separate data then keep separate stacks! You can use the one ES
cluster if you want and then just use different indexes.

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com
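
An added example (not part of the reply above, and not code from the Elastic project) of the "one ES cluster, different indexes" approach: each node's shipper stamps events with an environment label taken from its own configuration and builds an Elasticsearch `_bulk` body that targets a per-environment daily index. The `logs-<env>-<date>` naming, the `environment` field, the sample events and the typeless action line (as accepted by Elasticsearch 7 and later) are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumption: the two environments named in the thread.
ALLOWED_ENVS = {"prod", "test"}


def index_for(env, timestamp, prefix="logs"):
    """Return the daily index for one environment, e.g. logs-test-2014.10.16."""
    if env not in ALLOWED_ENVS:
        raise ValueError(f"unknown environment: {env!r}")
    # Normalise to UTC so every node agrees on the day boundary.
    day = datetime.fromisoformat(timestamp).astimezone(timezone.utc)
    return f"{prefix}-{env}-{day:%Y.%m.%d}"


def bulk_body(env, events):
    """Build the NDJSON body for POST /_bulk from one node's events.

    env comes from the shipper's own configuration, never from the event,
    so the content of a log line cannot choose which index it lands in.
    """
    lines = []
    for event in events:
        doc = dict(event, environment=env)  # overrides any label inside the event
        action = {"index": {"_index": index_for(env, event["@timestamp"])}}
        lines.append(json.dumps(action, sort_keys=True))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline


# Constructed sample events, as a shipper on a test node might emit them.
SAMPLE_EVENTS = [
    {"@timestamp": "2014-10-16T06:57:00+00:00", "type": "apache",
     "host": "web01", "message": "GET /app/login 200"},
    {"@timestamp": "2014-10-16T20:30:00-05:00", "type": "tomcat",
     "host": "app01", "message": "SEVERE: Servlet threw exception",
     "environment": "prod"},  # mislabelled on purpose
]

if __name__ == "__main__":
    print(bulk_body("test", SAMPLE_EVENTS), end="")
```

With this layout, production searches and dashboards can be pointed at `logs-prod-*` only, and access to `logs-test-*` can be granted separately.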

On 16 October 2014 06:57, Joshua Toepfer joshua.toepfer@gmail.com wrote:
