Back in the old days with the ELK Stack, ingesting logs (and other data) was straight forward: Logstash or maybe Fluend. Today you have a lot more options: Beats have been around for a long time, but Elastic Agent is the hot new thing. And then there is also Open Telemetry that’s growing in use-cases. What’s the right choice? This talk gives a quick overview of the current options and their tradeoffs including some common scenarios and how one or more of the tools can solve your problems.

1. Logstash, Beats, Elastic Agent,
Open Telemetry
What’s the Right Choice?
Philipp Krenn @xeraa

3. Logstash
@xeraa

4. @xeraa

5. @xeraa

6. "Logstash is slow"
@xeraa

7. Beats
@xeraa

8. @xeraa

9. Lightweight Shippers
Filebeat, Metricbeat, Heartbeat, Winlogbeat,
Packetbeat, Auditbeat
@xeraa

10. With Logstash?
@xeraa

11. Enrich, Filter, JavaScript on Beats
@xeraa

12. Beats Modules
nginx, System, Docker, Elasticsearch,...
@xeraa

13. @xeraa

14. Ingest pipeline monitoring?
@xeraa

15. Elastic Agent
@xeraa

16. One Agent to Rule Them All
Beats + integrations
https://www.elastic.co/integrations/data-integrations
@xeraa

18. More Than Beats
Endpoint protection, OSQuery, eBPF, OPA
@xeraa

19. @xeraa

20. Agent Standalone
YAML
@xeraa

21. More Coming
v2 architecture, disk spooling, Kafka output,...
@xeraa

22. Open Telemetry
@xeraa

23. Traces
Metrics
Logs
@xeraa

24. "Support Elastic Common Schema
in OpenTelemetry"
https://github.com/open-telemetry/oteps/pull/199
@xeraa

25. Conclusion
@xeraa

26. Ingestion Inertia
@xeraa

27. @xeraa

28. @xeraa

29. @xeraa

30. Logstash, Beats, Elastic Agent,
Open Telemetry
What’s the Right Choice?
Philipp Krenn @xeraa