I am using elasticsearch php-api to write logs directly to Elasticsearch.

There is another way: I write the logs to the local machine, then Filebeat sends the logs to Logstash, and finally they go to Elasticsearch.

My colleague said that the latter one is better, since my way goes through the HTTP protocol.

Which is better?

I'd say the second one, because it means you don't have to maintain the code to talk to ES yourself, just write to file.

Yes, apart from the point you mentioned, can I use the first solution in production?

If you want, sure.

Two additional points:

  1. What happens if Elasticsearch is not reachable from your application? Does it handle that gracefully or does it introduce failures / you need to wait for requests to time out? Degraded logging should probably not impact your production system.

  2. Logging to a JSON file and then inserting that directly into Elasticsearch with Filebeat could be a good solution as well. Monolog (https://github.com/Seldaek/monolog) is pretty widely used and can do it. Alternatively it supports Logstash and Elasticsearch outputs directly as well.
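
Added example, not part of the thread and not code from Monolog or the Elasticsearch PHP client: a plain-PHP sketch of the two points above, sending a log record to Elasticsearch with a bounded timeout and falling back to a local JSON-lines file that Filebeat could tail. The function name, URL, index name, file paths and thresholds are all assumptions.

```php
<?php
// Added example: every name, URL, path and threshold here is an assumption.
declare(strict_types=1);

const ES_URL       = 'http://127.0.0.1:9200/app-logs/_doc'; // assumed index endpoint
const FALLBACK_LOG = '/tmp/app-fallback.jsonl'; // assumed path; use an app-owned dir
const BREAKER_FILE = '/tmp/app-es-breaker';     // its mtime records the last failure
const TIMEOUT_SEC  = 0.5; // upper bound one request may spend on logging
const COOLDOWN_SEC = 30;  // skip Elasticsearch this long after a failure

// Returns where the record ended up: 'elasticsearch' or 'file'.
function writeLog(string $level, string $message, array $context = []): string
{
    $line = json_encode([
        '@timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
        'level'      => $level,
        'message'    => $message,
        'context'    => $context,
    ], JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE)
        ?: '{"message":"unencodable log record"}';

    // Circuit breaker: after a failure, do not make every request wait
    // for the timeout again until the cooldown has passed.
    clearstatcache(true, BREAKER_FILE);
    $breakerOpen = is_file(BREAKER_FILE)
        && (time() - filemtime(BREAKER_FILE)) < COOLDOWN_SEC;

    if (!$breakerOpen) {
        $ctx = stream_context_create(['http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/json\r\n",
            'content' => $line,
            'timeout' => TIMEOUT_SEC,
        ]]);
        // false on connection failure, timeout or an HTTP error status.
        if (@file_get_contents(ES_URL, false, $ctx) !== false) {
            return 'elasticsearch';
        }
        touch(BREAKER_FILE); // open the breaker
    }

    // Degraded path: one JSON object per line, locked against interleaving.
    file_put_contents(FALLBACK_LOG, $line . "\n", FILE_APPEND | LOCK_EX);
    return 'file';
}

echo writeLog('error', 'payment gateway timeout', ['order_id' => 1234]), "\n";
```

With Elasticsearch unreachable, the first call costs at most the timeout and later calls within the cooldown go straight to the file.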

