I have next scenario:
One system will run a lots of application and generate logs. Everytime when one application finish, I will send the log to elasticsearch.
There are 2 choice here:
Every application first generate the log in file system, then use filebeat to collect the log to elasticsearch. Using this way, we have 2 copies of log for per-application.
Every application not generate the log in file system, directly use elasticsearch rest api to send the log to elasticsearch, any design choice compare to choice 1? Will it make me some trouble? What's the suggested way?