I am new to ELK and my organization is interested in implementing this
framework.
I set up ELK on my machine and am trying to collect logs from a remote server.
But the logs on the remote server are huge in size (in gigabytes).
I see we can use logstash shipper or logstash forwarder. But I don't want
to forward all the data to central ELK server for indexing.
So I want to filter data on the remote servers locally before being sent
to ELK server. How can we do this?
Also we have many such remote servers from which I want to collect filtered
logs on ELK server.
Can someone suggest the recommended architecture to collect 'filtered'
logs from multiple remote servers and forward them to central ELK server?
Also what could be the performance impact and CPU utilization to have
logstash filtering on each remote server,
when compared to one central logstash server with logstash forwarder on
each remote server?
On Thursday, November 06, 2014 at 20:27 CET,
Vilas Reddy pvilasreddy@gmail.com wrote:
> I am new to ELK and my organization is interested in implementing this
> framework.
> I set up ELK on my machine and am trying to collect logs from a remote
> server.
> But the logs on the remote server are huge in size (in gigabytes).
> I see we can use logstash shipper or logstash forwarder. But I don't
> want to forward all the data to central ELK server for indexing.

May I suggest you take this question to the logstash-users mailing list,
as it's unrelated to Elasticsearch itself. While some Logstash folks
follow this list as well, the message is more on-topic there.