Logstash Pipeline Set-up and Architecture

Hi all,

Currently i have one cluster of LogStash nodes ,and fronted by a load-balancer with a fully qualified domain name. For the logstash configuration, i allows all beats to pipe their logs into a single port (by default its 5044)

My question is, is there any good practices on how logstash should be architect? Especially when it start to scale, having a single logstash might not be the best way to go.

Some options i was pondering

  1. Have multiple logstash cluster handling different beats/system inputs
  2. Have multiple ports within Logstash to handle different beats/system inputs

Advice/comments are appreciated! Thanks!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.