Why do people ship logs to Logstash with NXLog and not Logstash itself?

logging elasticsearch logstash kibana nxlog
10,089

Solution 1

The logstash-forwarder project, formerly known as "Lumberjack", explains it like so:

Resource Usage Concerns

Perceived Problems: Some users view logstash releases as "large" or have a generalized fear of Java.

Actual Problems: Logstash, for right now, runs with a footprint that is not friendly to underprovisioned systems such as EC2 micro instances; on other systems it is fine. This project will exist until that is resolved.

Transport Problems

Few log transport mechanisms provide security, low latency, and reliability.

The lumberjack protocol used by this project exists to provide a network protocol for transmission that is secure, low latency, low resource usage, and reliable.

A Logstash shipper instance isn't especially heavyweight, but if your machine only has 1-2GB of RAM it can be hard to casually allocate several hundred MB to another JVM instance.

Another consideration: what if your shipper nodes are running an OS that isn't supported by Logstash? Logstash can run on Windows, now, but it's still on the buggy side of things. I can't specifically vouch for NXLog in that area, but I gather it's a popular choice.

Solution 2

We've implemented shipping with RSyslog rather than LogStash due to a desire to keep java off of our hosts where possible. It makes the LogStash config on the loghost/filer a little more complex, but not having to keep up with Java security upgrades on front-end hosts is more of a pain than dealing with ripping logs apart on the central filer.

Share:
10,089
Vagif Abilov
Author by

Vagif Abilov

Updated on June 05, 2022

Comments

  • Vagif Abilov
    Vagif Abilov almost 2 years

    I read a blog post about setting up Logstash, Elasticsearch and Kibana, and the author suggested to use NXLog to ship logs from different machines. A typical distributed scenario presented in "The Logstash Book" shows how Logstash can be used in both shipping and indexing role. We are currently experimenting with Logstash and setting up it to ship logs to Elasticsearch was straighforward. So I wonder why people choose NXLog as a log shipper to Logstash instead of using Logstash on both ends.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Elasticsearch index much larger than the actual size of the logs it indexed?
Any open source alerting and reporting plugin for ELK stack is available?
logstash + kibana + elasticsearch web issue
Grok formatting for a custom timestamp
Integration of kibana in custom application
Getting Logstash _grokparsefailure though Grok Debugger throws no errors
Elasticsearch Data Insertion with Python
Logstash not reading file input
How to remove an event from logstash?
How to create value over time chart with Kibana 3?