What is the best setup for Beats and ELK stack

congpine · November 29, 2015, 11:33am

Hi,
This is the setup that I'm currently trying to achieve few months ago with Logstash Forwarder:
LF --> Logstash --> Redis -> Logstash Indexer --> Elasticsearch --> Kibana
However, as Logstash Forwarder will be depreciated soon , I will replace it with Beats tools(Filebeat, packetbeat).
I can see Beats has an output configuration directly to ElasticSearch.
On each monitored node, I will install filebeat to ship certain logs and packetbeat to capture network packets info .

Should I still use the same setup above or connect Beats directly ES ?

What would be the recommended setup?

Thanks

Cong Nguyen

vtst2412 · November 29, 2015, 8:01pm

For packetbeat and topbeat, it is certainly fine to forward events directly to ES as they have boilerplate format and template. However, with filebeat, I would recommend using logstash to "massage the data".

ruflin · November 30, 2015, 8:37am

The recommended setup is as @vtst2412 described it:

Topbeat and Packetbeat directly to Elasticsearch
Filebeat through logstash if you need your log files analysed

congpine · November 30, 2015, 11:35am

thanks, guys.

Topic		Replies	Views
Logstash like forwarder of beats. Why? Benefits? Logstash	5	561	September 1, 2019
Conflicted about Beats, Logstash and ES Beats	3	520	August 3, 2016
Beats require setup with elasticsearch as the output before using logstash as the output Logstash	1	194	March 4, 2021
Help jump from logstash to beats Beats filebeat	6	929	December 11, 2017
Beats via Logstash and Elasticsearch Beats	3	445	September 5, 2018

What is the best setup for Beats and ELK stack

Related Topics