Post data to Elasticsearch best parctice

Tal_Bar_Or · February 7, 2016, 12:51pm

Hi All,

I have developed system act like NAC (network access control ) , and we would like to send events to ELK and create incident report.
The system is developed in Python , because of that we have the possibility to use API to post data directly into Elasticsearch , my question would be in terms of scale and performance and eventually best practice , what would be best usage of posing events to ELK
nac server > (python api)>Elasticsearch
or
nac server >logstash>Elasticsearch
or other method you recommended? ,
Please advice
Thanks

magnusbaeck · February 7, 2016, 2:24pm

Both approaches will work and I don't see any significant benefits with either. One upside of using Logstash as a middleman is that your application can always stream data to disk without being dependent on the availability of ES. On the hand the stack becomes more complicated.

Tal_Bar_Or · February 7, 2016, 8:33pm

understood Thanks
Cheers