Radu Gheorghe

Top Stories by Radu Gheorghe

When it comes to centralizing logs to Elasticsearch, the first log shipper that comes to mind is Logstash. People hear about it even if it's not clear what it does:

- Bob: I'm looking to aggregate logs
- Alice: you mean... like... Logstash?

When you get into it, you realize centralizing logs often implies a bunch of things, and Logstash isn't the only log shipper that fits the bill:

- fetching data from a source: a file, a UNIX socket, TCP, UDP...
- processing it: appending a timestamp, parsing unstructured data, adding Geo information based on IP
- shipping it to a destination. In this case, Elasticsearch. And because Elasticsearch can be down or struggling, or the network can be down, the shipper would ideally be able to buffer and retry.

In this post, we'll describe Logstash and its alternatives - 5 "alternative" log shippers (Filebeat, Fluentd, rsyslog, syslog-ng and Logag...