0

When should I use Filebeat, Packetbeat or Topbeat?

I am new to the ELK stack. I may sound silly, but I am really confused about these. I would appreciate any sort of help.

rresol

2 Answers

1

It took me a while but I have figured out the solution.

  • Filebeat is used to read input from files. We can use it when some application is generating logs in a file; for example, Elasticsearch's logs are generated in a log file, so we can use Filebeat to read data from log files.

  • Topbeat is used to visualise CPU usage, RAM usage and other things related to system resources.

  • Packetbeat can be used to analyze network traffic, and we can directly log the transactions taking place using the ports on which the transactions are happening.

While I was wondering about the difference between Logstash and the Beats platform, it turned out that Beats are more lightweight; you need not install a JVM on each of your servers to use Logstash. However, Logstash has a rich community of plugins, with their count exceeding 200, but Beats is still under development, so Logstash can be used if we don't have the required protocol support in Beats.

rresol
0

These are all Elasticsearch data shippers belonging to Elastic's Beats family. Each beat helps you analyze different bits and pieces in your environment.

Referring specifically to the beats you mentioned:

  • Filebeat is good for tracking and forwarding specific log files (e.g. the Apache access log)
  • Packetbeat is good for network analysis, monitoring the actual data packets being transferred across the wire
  • Topbeat can be used for infrastructure monitoring, giving you perf metrics on CPU usage, memory, etc.

There are plenty of resources to help you get started. Try Elastic's site. I also saw a series of tutorials on the Logz.io blog.

Roy Rubin