We are in the process of upgrading our versions of Logstash and Elasticsearch. Currently we are using version logstash-1.4.2.
Our project flow is like this: "logstash shipper (parse the logs here only) ---> ((redis + logstash indexer) - 3-node cluster) ---> elasticsearch (2-node cluster)".
We get 250,000 hits per hour on average to Elasticsearch.
Recently I came across the 'filebeat' concept. Kindly suggest the best approach to ship the logs: shall I proceed with the existing flow, or shall I use filebeat instead of logstash shipper ---> redis?
Any suggestion is appreciated.
Thanks in advance.