Is it necessary to use filebeat or logstash forwarder in ELK stack?

Is it necessary to use filebeat in the ELK stack for collecting logs, i.e. installing filebeat on all the servers from which we need to collect logs and installing Logstash, ES and Kibana on a single separate server?
Or can we install Logstash on all the servers to collect logs and install ES and Kibana separately on a single server?
And if the second approach is allowed, do we need to generate an SSL certificate for configuring Logstash with ES?

Any other useful information is also welcome.

filebeat everywhere and logstash everywhere are both valid options.

If you want to use TLS to secure connections then yes, you will of course need certificates.

So if I am understanding correctly, it is not necessary to use filebeat at all.
I will use logstash on all the client servers and forward the logs to ES installed on a different server?

That is an option, but filebeat is a much lighter weight process than logstash. It really depends on how much processing you want to do to the logs.

For minimal processing you may not need logstash at all, just install filebeat everywhere and point it to elasticsearch with an ingestion pipeline configured.

The stack is really flexible these days (much more so than a few years ago) and it is really hard to give general advice on architecture.
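The Filebeat-only layout mentioned in the reply above, with the TLS certificate point from earlier in the thread, as an added example that is not part of the original posts. The hostname, log path, pipeline name, CA file location and environment variable are placeholder assumptions.

```yaml
# filebeat.yml on each log-producing server (added example; all names are placeholders)
filebeat.inputs:
  - type: filestream
    id: app-logs                      # unique id per filestream input
    paths:
      - /var/log/app/*.log            # assumed log location

output.elasticsearch:
  # https:// scheme so events and credentials are not sent in clear text
  hosts: ["https://es.example.internal:9200"]

  # Parsing happens in an Elasticsearch ingest pipeline instead of Logstash.
  # The pipeline must already exist on the cluster under this (assumed) name.
  pipeline: "app-logs-pipeline"

  # Credential read from the environment or the Filebeat keystore,
  # not hard-coded in the file. Expected format is id:api_key.
  api_key: "${ES_API_KEY}"

  ssl:
    # CA that signed the Elasticsearch HTTP certificate
    certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
    # "full" checks both the certificate chain and the hostname.
    # Setting this to "none" would still encrypt traffic but accept any
    # server certificate, so it should not be used outside throwaway labs.
    verification_mode: full
```

With this layout only a CA certificate has to be distributed to the clients; the server certificate and private key stay on the Elasticsearch host.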

Thanks Badger!!
