Filebeat vs 直接将日志从应用程序推送到 logstash
[英]Filebeat vs Directly pushing logs to logstash from application
问题描述
I am planning to architect a centralized logging system for one of our project which has multiple components written in Java, Python & Scala.
我计划为我们的一个项目构建一个集中式日志系统,该项目具有多个用 Java、Python 和 Scala 编写的组件。 I want to collect logs from different parts ( REST Server, Spark Jobs, Airflow server ) to logstash and index into Elastic search.我想从不同部分(REST 服务器、Spark 作业、Airflow 服务器)收集日志到 logstash 并索引到弹性搜索中。 I could see there are direct libraries in both Python & Java logging modules to push logs directly to logstash from application.我可以看到Python和Java日志记录模块中都有直接库,可以将日志直接从应用程序推送到 logstash。 And I could see filebeat which can be configured on servers to push logs to logstash from files.我可以看到 filebeat,它可以在服务器上配置以将日志从文件推送到 logstash。 What is the advantage of having filebeat rather than sending logs directly to logstash?使用 filebeat 而不是直接将日志发送到 logstash 有什么好处? What is the best practice?最佳做法是什么?
2 个解决方案
解决方案1
5 已采纳 2019-04-17 06:22:30
Here are a few pros and cons of both approaches:以下是这两种方法的一些优缺点:
Application Logs => Logstash应用程序日志 => Logstash
Pros:优点:
- Lesser components to manage and straight forward pipeline更少的组件来管理和直接的管道
Cons:缺点:
- Congestion at Logstash or its outage may adversely affect your application Logstash 的拥塞或其中断可能会对您的应用程序产生不利影响
- Changes to log destination may require you to redeploy or restart your application对日志目标的更改可能需要您重新部署或重新启动您的应用程序
Application Logs => Filebeat => Logstash应用程序日志 => Filebeat => Logstash
Pros:优点:
- Filebeat is a lightweight utility which allows you to decouple your log processing from application logic Filebeat 是一种轻量级实用程序,可让您将日志处理与应用程序逻辑分离
- Change of log destination is a breeze, and it natively supports load-balancing among multiple instances of logstash destinations更改日志目的地是一件轻而易举的事,它本身支持多个 logstash 目的地实例之间的负载平衡
- Logs can be enriched with additional fields, or you can perform conditional processing of logs just by changing filebeat configurations, eg send logs for customer A to Logstash A可以用额外的字段丰富日志,或者您可以仅通过更改 filebeat 配置来执行日志的条件处理,例如将客户 A 的日志发送到 Logstash A
- Logs are buffered locally and will be reliably transferred to Logstash even if logstash process gets restarted or becomes unavailable for a certain amount of time (Provided your log files remain on the disk to be consumed by filebeat and has appropriate configs)日志在本地缓冲并可靠地传输到 Logstash,即使 logstash 进程重新启动或在一定时间内变得不可用(前提是您的日志文件保留在磁盘上以供 filebeat 使用并具有适当的配置)
Cons:缺点:
- Another component to manage in your application architecture在您的应用程序架构中管理的另一个组件
- Requires additional system resources (usually does very lightweight processing)需要额外的系统资源(通常进行非常轻量级的处理)
解决方案2
0 2019-04-16 06:54:33
Filebeat and other beats can directly send the message to ES but there are addition advantages while using logstash. Filebeat等beats可以直接将消息发送给ES,但是使用logstash还有其他优势。
- you can use filters in logstash based on inputs.您可以根据输入在 logstash 中使用过滤器。
- It support Grok filter and other filter plugins like csv, xml and many more.它支持 Grok 过滤器和其他过滤器插件,如 csv、xml 等等。
- It supports multiple codecs它支持多种编解码器
- you can use logstash as single point to control all pipelines您可以使用 logstash 作为单点来控制所有管道
- logstash can be monitored via Kibana GUI.可以通过 Kibana GUI 监控 logstash。
- Logstash management is easy and can be performed via Kibana GUI. Logstash 管理很简单,可以通过 Kibana GUI 执行。
- Filebeat only support files as input but logstash support large array on inputs type Filebeat 仅支持文件作为输入,但 logstash 支持大数组输入类型
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.