I have a litte trouble understanding filebeat. What can I do with filebeat that I cannot do with logstash? I use logstash to load a bunch of logfiles into ElasticSearch. This works fine. What problem does filebeat solve? It requires an installation on at least 1machine as I understand, so that makes things more complicated in my opinion.
Hi,
it is running without java. it is lightweight.
Logstash is very powerful and if you really use a lot of logic inside logstash you should stay there. But if you just use some default input like syslog and no other special filters then it is quite easy to use Beats. They have really cool modules to handle a lot of common logs.
These are formated to the ECS, https://www.elastic.co/guide/en/ecs/master/index.html, this helps a lot for correlation and internal usage.
Often it is used in combination. The beats are used as agents and send all to logstash where the data will be enriched with more data.
I have replaced a lot of unneeded logstashes and saved like multiple gigabyte of ram and I got rid of java on most machines. One software less to update and keep track of.
2 Likes
Yeah.
See filebeat as a data collector and shipper.
See Logstash as an ETL which can process data.
Note that you can also process data in elasticsearch with ingest pipelines. Not with the whole power Logstash is providing but yet with a lot of great features.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.