Redundancy in logstash for syslog devices

Atul_Chadha · January 19, 2021, 2:32pm

We are in process of upgrading our ELK stack to 7.6 and i need suggestions on configuration for network devices ( Big IP LTM ) for example.

The current config has one logstash IP as syslog server , in an event of failure the logs dont reach the Elasticsearch servers

We have tried adding second log-stash as secondary server for syslog however this seems to generate duplicate entries on kibana

Is this a known behavior ? How we can achieve redundancy using two log-stash servers for syslog devices.

Filebeat is working fine.

system · February 16, 2021, 2:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Syslogs, Beat, Redundancy and Architecture Beats	2	1363	July 6, 2016
Redundancy for syslog Logstash	2	514	May 20, 2021
Have couple questions about Logstash configuration Logstash	27	5996	July 6, 2017
Rsyslog and Logstash production setup Logstash	4	543	July 6, 2017
Loadbalancing with syslog Logstash	4	3389	December 15, 2016