I have a cluster, from which I want to send logs to Elasticsearch and show it in Kibana.
My question is - can I install on every server (in the cluster) the Filebeat agent and send the log directly to Elasticsearch (it's on another server)? Or do I have to send the logs into a Logstash and then forward the data from the Logstash into the Elasticsearch?
If it is possible to send it directly, how should I configure the Filebeat agents? Right now I have just set the path for the log file and the Elasticsearch server address. But the data in Kibana look messed up a bit... And it looks like not all the agents send the data successfully...
Another question - if I setup the Elasticsearch cluster in the future, should I somehow configure the Filebeat agents for it? Or will the IP address still be only one and the Elasticsearch cluster will solve it internally?
Thank you very much for the answeres, I have read the documentation and google this "problem" as well, but I'm still a little bit lost.