This is my current architecture. Logstash => Elasticsearch
I do not use filebeat/forwarder. Logstash crunches the logs and send it to Elasticsearch
Is it necessary to introduce Redis in this? Logstash =>Redis => Elasticsearch
If you are reading from files and do not have an overly aggressive rollover layer, there is generally no need to introduce a message queue for buffering, as Logstash can simply stop reading for a while if writing to Elasticsearch is not possible and then catch up once any issue clears. If you however have inputs based on TCP and/or UDP, introducing a buffering layer may make sense.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.