All,
I'm coming up to speed with the ELK stack in general and have a couple questions about best practices.
I'm starting with ingesting IIS logs with Filebeat -> Logstash -> Elasticsearch. I am loadbalancing with:
filebeat.yml
output:
logstash:
hosts: ["host1:5044", "host2:5044", "host3:5044"]
loadbalance: true
iis.yml
output {
elasticsearch {
hosts => ["host1:9200", "host2:9200", "host3:9200"] manage_template => false index => "%{[@metadata][beat]}" document_type => "%{[@metadata][type]}"}
- Is this best way to configure load balancing, basically load balance at the beat level as well as the logstash level into ES?
- Is there a way to see which node info traveled through to ES, i.e. filebeat -> node2 logstash -> node1 ES?
Thanks in advance,
HB