Currently I have added beats to my logstash with there own port numbers and created new configs in logstash for each one of them. Is this the most efficient way to add filebeats to logstash when creating my stack.
Filebeat logs of a "common format" can and probably should all go the same port/ in logstash, Each of these would be best in a logstash pipeline (of multi pipeline logstash) The only reason for seperate ports is if you need different processing, such maybe general iis logs vs those from Exchange.
What do you need to be different about each of these logstash configs?
I was using different ports because when I tried to send all of the filebeats to 5044 it seemed like all of the logs were not going through .. but when I separated the filebeats by ports it all worked better
for my winlogbeat shows 353 unique hosts sending to the same port, but I'm running 4 logstash servers. The beats config lists all of them to load balance.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.