Is it necessary to use filebeat in ELK stack for collecting logs like installing filebeat on all the servers from where we need to collect logs and installing Logstash, ES and Kibana in a single separate server.
Or can we install Logstash on all the servers to collect logs and install ES and kibana separately on a single server?
And if the second approach is allowed do we need to generate SSL certificate for confguring Logstash with ES?
So if I am understanding correctly then it is not necessary to use filebeat at all.
I will use logstash on all the client servers and forward the logs to ES installed on a different server?
That is an option, but filebeat is a much lighter weight process than logstash. It really depends on how much processing you want to do to the logs.
For minimal processing you may not need logstash at all, just install filebeat everywhere and point it to elasticsearch with an ingestion pipeline configured.
The stack is really flexible these days (much more so than a few years ago) and it is really hard to give general advice on architecture.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.