When it comes to centralizing logs to Elasticsearch, the first log shipper
that comes to mind is Logstash. People hear about it even if it's not clear
what it does:
- Bob: I'm looking to aggregate logs
- Alice: you mean... like... Logstash?
When you get into it, you realize centralizing logs often implies a bunch of
things, and Logstash isn't the only log shipper that fits the bill:
- fetching data from a source: a file, a UNIX socket, TCP, UDP...
- processing it: appending a timestamp, parsing unstructured data, adding Geo
  information based on IP
- shipping it to a destination. In this case, Elasticsearch. And because
  Elasticsearch can be down or struggling, or the network can be down, the
  shipper would ideally be able to buffer and retry.
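To make the three responsibilities concrete, here is a small, self-contained shipper written for this post as an added illustration (it is not code from the original post, nor from Logstash or any of the shippers named below). It reads unstructured access-log lines, parses them into structured events, stamps an ingestion time, attaches a region from a constructed stand-in for a GeoIP database, and ships batches to a constructed stand-in for an Elasticsearch bulk endpoint that rejects the first few requests, so the buffering and retry path actually gets exercised. The sample log lines, the `GEO_TABLE` prefixes (RFC 5737 documentation addresses) and the `FlakyElasticsearch` class are all constructed for the example; a real deployment would replace the sink with an HTTP client and the table with a GeoIP lookup.

```python
import re
import time
from collections import deque
from datetime import datetime, timezone

# Constructed sample input (not from the original post): two well-formed
# common-log-format lines and one line that will not parse.
SAMPLE_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512',
    "this line is not in the expected format",
]

# Grok-style pattern for the common log format (client, timestamp, request, status, bytes).
LOG_RE = re.compile(
    r'^(?P<client_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)'
)

# Hypothetical stand-in for a GeoIP database: address prefix -> region label.
GEO_TABLE = {"203.0.113.": "region-A", "198.51.100.": "region-B"}


def geo_lookup(ip):
    """Return a region label for an IP, or None when the constructed table has no entry."""
    for prefix, region in GEO_TABLE.items():
        if ip.startswith(prefix):
            return region
    return None


def parse_line(line, now=None):
    """Turn one unstructured line into a structured event.

    Every event gets the raw message and an ingestion timestamp; lines that do
    not match the pattern are kept but tagged, so nothing is silently lost.
    """
    ingested = (now or datetime.now(timezone.utc)).isoformat()
    event = {"message": line, "@timestamp": ingested}
    m = LOG_RE.match(line)
    if m is None:
        event["tags"] = ["_parsefailure"]
        return event
    d = m.groupdict()
    event.update({
        "client_ip": d["client_ip"], "request_time": d["ts"],
        "method": d["method"], "path": d["path"],
        "status": int(d["status"]), "bytes": int(d["bytes"]),
        "geo": geo_lookup(d["client_ip"]),
    })
    return event


class FlakyElasticsearch:
    """Constructed stand-in for an Elasticsearch bulk endpoint.

    It raises ConnectionError for the first `failures` calls, then accepts
    everything, which is enough to show what the shipper does while the
    destination is down and after it recovers.
    """

    def __init__(self, failures):
        self.failures_left = failures
        self.indexed = []
        self.calls = 0

    def bulk(self, events):
        self.calls += 1
        if self.failures_left > 0:
            self.failures_left -= 1
            raise ConnectionError("elasticsearch unavailable")
        self.indexed.extend(events)


class Shipper:
    """Bounded in-memory buffer in front of a sink, with batched sends and
    exponential backoff; events are only removed once the sink accepted them."""

    def __init__(self, sink, batch_size=2, max_buffer=1000, max_retries=5, backoff=0.5):
        self.sink, self.batch_size, self.max_buffer = sink, batch_size, max_buffer
        self.max_retries, self.backoff = max_retries, backoff
        self.buffer = deque()
        self.dropped = 0  # events evicted because the buffer was full

    def ingest(self, line):
        # A bounded buffer protects the host's memory when the destination is
        # down for a long time; the oldest event is dropped and counted.
        if len(self.buffer) >= self.max_buffer:
            self.buffer.popleft()
            self.dropped += 1
        self.buffer.append(parse_line(line))

    def flush(self):
        """Ship buffered events in batches; return how many were accepted.

        A batch that still fails after max_retries stays at the head of the
        buffer so a later flush can retry it once the destination is back.
        """
        sent = 0
        while self.buffer:
            batch = [self.buffer[i] for i in range(min(self.batch_size, len(self.buffer)))]
            for attempt in range(self.max_retries):
                try:
                    self.sink.bulk(batch)
                    break
                except ConnectionError:
                    time.sleep(self.backoff * (2 ** attempt))
            else:
                return sent  # give up for now, keep the batch buffered
            for _ in batch:
                self.buffer.popleft()
            sent += len(batch)
        return sent


if __name__ == "__main__":
    es = FlakyElasticsearch(failures=2)
    shipper = Shipper(es, batch_size=2, max_retries=3, backoff=0.0)
    for line in SAMPLE_LINES:
        shipper.ingest(line)
    print(shipper.flush(), "events shipped after", es.calls, "bulk calls")
```

Run as a script it ships all three events on the third bulk call. The two properties worth carrying over to any real shipper are visible in `flush`: an event leaves the buffer only after the sink acknowledged it, and a batch that exhausts its retries is left in place rather than discarded, so a transient outage costs latency, not data, while the bounded buffer in `ingest` makes the trade-off under a long outage explicit instead of letting the process grow without limit.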
In this post, we'll describe Logstash and its alternatives - 5 "alternative"
log shippers (Filebeat, Fluentd, rsyslog, syslog-ng and Logag...