Logstash VS Filebeat

Hi,

I have a doubt: why should I use Filebeat? What is the use of Filebeat when Logstash is able to fetch the logs?

Let me describe a scenario:

I have an application running on server (A), and its log is generated in the folder ALOG.
My ELK is running on server (B).
Then I can use the "source" part of Logstash to fetch the log that is generated on server A in the folder ALOG by just doing an SSL between the servers.

Please help me understand why I need Filebeat when I have Logstash in the architecture.

Thanks in advance.

Regards,
Vigneshprasanna R

1 Like

You should use Filebeat if your log file is not on the same machine running Logstash, which seems to be your case.

Your log file is on Server A and your Logstash is running on Server B, so you will need to send your log to Logstash in some way. One of the ways to send the data in the log file is using Filebeat.

2 Likes

Hi,

What I’m not understanding is why I should use Filebeat instead of giving permission to the Logstash "source" to get the logs from server "A" by doing an SSL or any of the methods given in the link below:
"https://www.elastic.co/guide/en/logstash/current/ls-security.html"

What is the great advantage of using Filebeat with Logstash? Is it going to give a level of security while transferring the log data? Or any level of comfort for the handshake between the two servers? Why Filebeat?

Please help me understand.

Hi there, I think you are confused. The article you have linked has nothing to do with sending logs into Logstash and everything to do with Logstash sending into Elasticsearch.

Filebeat is a brilliant, light-weight application that runs on all your servers that you want to send logs FROM. You send from Filebeat TO Logstash, covered by TLS. The Filebeat agent can be pointed at log files and then it will "tail" the file, sending all entries made to that file to your Logstash server, securely. It will also follow logrotated files!

Here's a great link that I followed some time ago. These are old versions of ELK that they're talking about but the configuration about Filebeat to Logstash is still relevant to your question and talks you through both options of creating a TLS Certificate pair (if you use DNS or if you use IP address).

Best of luck!
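The Filebeat-to-Logstash TLS setup described in the reply above, as an added example that is not part of the original thread: a `filebeat.yml` for Server A. The ALOG path, the host name for Server B, port 5044 and the certificate file locations are placeholders chosen for illustration.

```yaml
# filebeat.yml on Server A (added example; paths, host name and port are placeholders)
filebeat.inputs:
  - type: filestream
    id: app-alog                       # constructed id for this input
    paths:
      - /path/to/ALOG/*.log            # placeholder for the ALOG folder on Server A

output.logstash:
  # Placeholder name for Server B. Whatever is written here (DNS name or IP
  # address) must appear in the Logstash certificate's subject alternative
  # names, which is why the certificate is created differently for DNS and IP.
  hosts: ["logstash-b.example.internal:5044"]
  ssl.enabled: true
  # CA that signed the Logstash server certificate.
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  # "full" verifies the certificate chain AND that the certificate matches
  # the host above, so Filebeat only ships logs to the real Server B.
  ssl.verification_mode: full
  # Optional client certificate, used when Logstash is set up to require
  # mutual TLS from the machines that ship logs to it.
  ssl.certificate: "/etc/filebeat/certs/server-a.crt"
  ssl.key: "/etc/filebeat/certs/server-a.key"

# Weak setting to avoid: the traffic is still encrypted, but Filebeat will
# accept any certificate, so the receiving end is not authenticated.
#   ssl.verification_mode: none
```

The Logstash side needs a matching Beats input listening on the same port with its server certificate and key configured.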
