Is store log file in elastic search is a best practice?

atline · September 17, 2019, 2:28am

I have next scenario:

One system will run a lots of application and generate logs. Everytime when one application finish, I will send the log to elasticsearch.

There are 2 choice here:

Every application first generate the log in file system, then use filebeat to collect the log to elasticsearch. Using this way, we have 2 copies of log for per-application.
Every application not generate the log in file system, directly use elasticsearch rest api to send the log to elasticsearch, any design choice compare to choice 1? Will it make me some trouble? What's the suggested way?

abrx · September 18, 2019, 8:42am

The 2nd scenario allows you to save disk space on machine, but it's harder to see if you're loosing logs (wrong logstash pipeline, network issues, authentification issue...).

Maybe you should go for the 1st solution and rotate files using logrotate or custom script to save disk space.
So in case of problems with the ingestio npipeline you can replay it on files and compare bare informaiton on client with what you indexed.

Topic		Replies	Views
Which is a better way? Elasticsearch	5	724	May 11, 2017
Send raw logs to elastic server Elasticsearch	14	1203	January 11, 2023
Beats to Elasticsearch or Beats to Logstash? Which is best practice Beats filebeat	3	514	April 10, 2018
Filebeat insert logs from multiple hosts in parallel Elasticsearch	2	436	March 18, 2020
Pull ES data and generate application logs Elasticsearch	3	625	November 12, 2017

Is store log file in elastic search is a best practice?

Related topics