Quick query about accepting data logstash or filebeat?

Hi Guys,

I have quick query and I really would appreaciate if someone can answer it?
What is the better way to accept messages from server to elastic stack if installed on same server?
I mean lets say I have apache, nginx, Windows server and couple of Linux mail servers what would you recommend to injest message in es?

through logstash to ES or through filebeat on end computers into logstash on ELK and then to ES?

Since I am not so familiar with logstash and grok patterns; I am finding bit difficult to normalize the logs hence wanted to understand the best practise? Will filebeat suffice my need?

Hello, first of all, installing Elasticsearch on the same server as your application (i.e apache, nginx, etc) is not recommended since Elasticsearch is I/O and CPU intensive.

Lastly, if you are not familiar with Logstash then you may find Filebeat Modules useful.

Yep thanks for the reply and since this is my test environment I have setup ELK components on same machine.

What is best practise would you recommend in production? Elastic on separate server and LK on separate?

This might be of your interest Scaling Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog

awesome buddy!! Thanks a ton for sharing this info.

yw

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.