One logstash instance per kubernetes cluster

Hi,

What would be the best approach for configuring logstash in an environment where:

• Elasticsearch and Kibana are running in their own kubernetes cluster (deployed with ECK).
• Elasticsearch and Kibana instance is shared between all dev teams.
• Development teams each have their own kubernetes clusters where they run their applications. Each k8s cluster has filebeat installed with automatic kubernetes discovery.

What parameters should I consider to decide if logstash should run on each and every dev team kubernetes cluster OR if I should have logstash configured only in the elasticsearch cluster?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.