Quick query about accepting data logstash or filebeat?

Blason · August 31, 2017, 6:04pm

Hi Guys,

I have quick query and I really would appreaciate if someone can answer it?
What is the better way to accept messages from server to elastic stack if installed on same server?
I mean lets say I have apache, nginx, Windows server and couple of Linux mail servers what would you recommend to injest message in es?

through logstash to ES or through filebeat on end computers into logstash on ELK and then to ES?

Since I am not so familiar with logstash and grok patterns; I am finding bit difficult to normalize the logs hence wanted to understand the best practise? Will filebeat suffice my need?

thiago · September 7, 2017, 4:58am

Hello, first of all, installing Elasticsearch on the same server as your application (i.e apache, nginx, etc) is not recommended since Elasticsearch is I/O and CPU intensive.

Lastly, if you are not familiar with Logstash then you may find Filebeat Modules useful.

Blason · September 11, 2017, 3:58am

Yep thanks for the reply and since this is my test environment I have setup ELK components on same machine.

What is best practise would you recommend in production? Elastic on separate server and LK on separate?

thiago · September 11, 2017, 4:01am

This might be of your interest Scaling Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog

Blason · September 11, 2017, 4:16am

awesome buddy!! Thanks a ton for sharing this info.

thiago · September 11, 2017, 4:17am

yw

system · October 9, 2017, 4:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.