Where should logstash live? Cloud vs OnPrem

Mike_Hakopyan · November 14, 2017, 12:09am

I'm very new to LogStash and Elasticsearch. I'd like to know where to install Logstash; on prem or cloud? I have multiple locations where I'd be collecting log files with Beats and shipping to Logstash, then to Elasticsearch hosted on the cloud. Finally visualizing with Kibana. I don't want these log files being copied or shipped accross WAN links every day. Ideally I'd like for the log files to flow over via our Internet pipe to a hosted environment for Logstash.

Any use cases similar to mine would be nice to read.

warkolm · November 14, 2017, 5:17am

There's three main options;

Filebeat > local Logstash -> remote Elasticsearch
Filebeat > remote Logstash -> remote Elasticsearch
Filebeat > local Logstash -> local Elasticsearch + CCS cluster

With 2 you would then use cross cluster search to pull the aggregated data to the CCS cluster and visualise that with Kibana.

Aren't these the same thing?

Mike_Hakopyan · November 14, 2017, 9:10pm

So in the case of option 2 where Logstach is remote, what are some services that I can use for that? AWS? or is there such services like Elastcisearch where a complete turnkey environment can be setup on the cloud?

warkolm · November 14, 2017, 9:47pm

You can use Logstash on GCP/Azure/AWS or any other cloud provider.

system · December 12, 2017, 9:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.