Should I use Elasticsearch for logging without Logstash?

1

9

I'm planning on using Elasticsearch to log all my application activities (like an audit log).

Considering how I have direct control over the application, should I directly push the data into Elasticsearch using their REST APIs or should I somehow use Logstash to feed data into Elasticsearch?

Is there any reason I should use Logstash when I can directly push data into Elasticsearch? It's an additional layer to manage.

Draughty answered 9/6, 2017 at 5:8 Comment(3)
What would happen to your application logs if you need to upgrade your ES server? Where do they go while your ES is down for maintenance or for any other reason? If you don't care about that and/or if you don't need to apply any processing to your logs (geoip, grok, etc), then you don't really need logstash. - Hamrick

I thought I can have a failover in the ES setup to actually reduce any failures related to ES. Is that not possible for some reason in ES? - Draughty

If you have multiple nodes and a load balancer in front of them, you have failover. - Hamrick
8

If you need to parse different log formats (eventlog, syslog and so on), support different transports (UDP, TCP and so on) and log outputs, use Logstash. If HTTP is good for you and you collect logs only from one application, use ES directly. Logstash is an additional tool. Details are here.

Bah answered 13/6, 2017 at 4:26 Comment(0)
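
The trade-off raised in the comments and in this answer, as an added example (not code from the original posts): an application pushing audit events straight to the Elasticsearch `_bulk` REST endpoint, with a local spool file standing in for the buffering Logstash would otherwise provide while ES is unreachable. The URL, index name, `AuditShipper` class and spool file are assumptions; authentication and TLS are left out.

```python
import hashlib, json, os, urllib.request

ES_URL = "http://localhost:9200"  # assumption: your cluster or load balancer
INDEX = "audit-log"               # assumption: hypothetical index name

def to_bulk(events, index=INDEX):
    """Build an NDJSON _bulk body; _id is a content hash so resends are idempotent."""
    lines = []
    for ev in events:  # events should carry their own timestamp/request id
        doc = json.dumps(ev, sort_keys=True)
        doc_id = hashlib.sha256(doc.encode()).hexdigest()
        lines += [json.dumps({"index": {"_index": index, "_id": doc_id}}), doc]
    return "\n".join(lines) + "\n"

def http_send(body, url=ES_URL):
    """POST to /_bulk; True only if Elasticsearch accepted every item."""
    req = urllib.request.Request(url + "/_bulk", data=body.encode(),
                                 headers={"Content-Type": "application/x-ndjson"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp).get("errors") is False
    except (OSError, ValueError):  # refused, timeout, HTTP error, bad JSON
        return False

class AuditShipper:
    """Hypothetical helper: ship directly, spool to local disk while ES is down."""
    def __init__(self, spool_path, send=http_send):
        self.spool_path, self.send = spool_path, send

    def _read_spool(self):
        if not os.path.exists(self.spool_path):
            return []
        with open(self.spool_path) as f:
            return [json.loads(line) for line in f if line.strip()]

    def log(self, event):
        """Send spooled + new events; return how many remain on disk."""
        pending = self._read_spool() + [event]
        if self.send(to_bulk(pending)):
            if os.path.exists(self.spool_path):
                os.remove(self.spool_path)
            return 0
        with open(self.spool_path, "a") as f:
            f.write(json.dumps(event) + "\n")
            f.flush()
            os.fsync(f.fileno())  # survive an application crash
        return len(pending)
```

The spool only drains on the next `log()` call, so a quiet application holds its backlog until it logs again; that retry scheduling, plus parsing and multiple inputs, is the work Logstash would take over.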
