I have developed system act like NAC (network access control ) , and we would like to send events to ELK and create incident report.
The system is developed in Python , because of that we have the possibility to use API to post data directly into Elasticsearch , my question would be in terms of scale and performance and eventually best practice , what would be best usage of posing events to ELK
nac server > (python api)>Elasticsearch
nac server >logstash>Elasticsearch
or other method you recommended? ,