More performant design for Filebeat and Logstash

Hello all.

I'm building a monitoring environment with the following features:

  • 1 Windows server monitoring 4 more Windows servers

  • Topbeat in each machine saving the information in log files

  • Applications saving log files

  • ArcGIS Server saving log files

  • IIS saving log files

  • All the log folders are shared through the network.

  • One Filebeat service on the monitoring machine collecting all the files through the network.

  • One Logstash service on the monitoring machine parsing all the logs.

My doubt is about the system performance with this configuration. I'm wondering whether it is right to have only one Filebeat and one Logstash service to deal with all the logs, or whether I should create one Filebeat and one Logstash for each type of log?

Sorry, but I don't have a deep understanding of how these services work. I just started working with ELK and this doubt came up, and I haven't had time to measure both configurations, so I'd really appreciate any thoughts you have on this.

Regards

A few notes here to get started:

  • Use Metricbeat instead of Topbeat, as in 5.0 Metricbeat replaced Topbeat
  • Install Filebeat on all edge nodes. We strongly recommend not reading log files with Filebeat from a shared drive.

The scaling of the setup depends on the amount of events you have.
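
The layout recommended in the reply above, sketched as an added example that is not part of the original thread: one Filebeat per monitored server reads its logs from local disk, tags each log type, and ships everything to the single Logstash instance. It uses Filebeat 5.x syntax; every path, the `log_type` field name, and the host `monitor01:5044` are assumptions to be replaced with your own values.

```yaml
# filebeat.yml on EACH monitored Windows server (Filebeat 5.x syntax).
# Assumed values: all paths below, the "log_type" field name,
# and the Logstash endpoint monitor01:5044.
filebeat.prospectors:
  # IIS logs in W3C format. Lines starting with '#' are header
  # directives (#Fields, #Date, ...), not requests, so drop them here.
  - input_type: log
    paths:
      - 'C:\inetpub\logs\LogFiles\*\*.log'
    exclude_lines: ['^#']
    fields:
      log_type: iis

  # ArcGIS Server logs (assumed install location).
  - input_type: log
    paths:
      - 'C:\arcgisserver\logs\*\server\*.log'
    fields:
      log_type: arcgis

  # Application logs (hypothetical path).
  - input_type: log
    paths:
      - 'C:\MyApp\logs\*.log'
    fields:
      log_type: app

# A single output: every log type goes to the one Logstash service
# on the monitoring machine, read from local disk instead of a share.
output.logstash:
  hosts: ["monitor01:5044"]
```

On the Logstash side, a `beats` input listening on the same port receives these events, and conditionals such as `if [fields][log_type] == "iis"` select the parsing for each log type.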
