Now I want to replace the Forwarder by a full blown Logstash, so I
can collect data from more inputs than just files and can get rid of the
lumberjack protocol with its need to secure communication (which made
always trouble). I also switched to Logstash 2.0.0 and have now the
following setup
I hoped I could use not secured filebeat protocol between the first
logstash instance and the second, but I don't see any (File)beat output
for logstash. For now I'm using http, but this seems to be far to slow.
Is there a way to use Filebeat between 2 full blown logstash
instances, or what would be a appropriate way to let them communicate
without the need to install more infrastructure like messaging providers
or things like that?
The idea behind Filebeat is that it's a lightweight shipper that you install as an agent on your servers to collect data from all your servers and send it to a central Logstash to enrich, parse and transport data. So, the flow would be: Filebeat -> Logstash 2.1.0 -> Elasticsearch.
Excepting files, what data would you like to collect? Maybe other Beat can help you here
Edit: To answer your question, Logstash has a beats-input plugin, but now a beats-output plugin yet. It might get one in the future. Until then, you could use tcp input & tcp output.
At least in future I will need to connect to JMX beans.
Since we are monitoring large java server applications small footprint is not a requirement, there is enough memory in thats servers. Flexibility is the more important requirement.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.