Ingest architectures
We offer a variety of ingest architectures to serve a wide range of use cases and network configurations.
To ingest data into Elasticsearch, use the simplest option that meets your needs and satisfies your use case. For many users and use cases, the simplest approach is ingesting data with Elastic Agent and sending it to Elasticsearch. Elastic Agent and Elastic Agent integrations are available for many popular platforms and services, and are a good place to start.
You can host Elasticsearch on your own hardware or send your data to Elasticsearch on Elastic Cloud. For most users, Elastic Agent writing directly to Elasticsearch on Elastic Cloud provides the easiest and fastest time to value. Our hosted Elasticsearch Service is available on AWS, GCP, and Azure, and you can try it for free.
Decision tree
Data ingestion pipeline with decision tree
Ingest architecture | Use when |
---|---|
Elastic Agent to Elasticsearch | An Elastic Agent integration is available for your data source: |
Elastic Agent to Logstash to Elasticsearch | You need additional capabilities offered by Logstash: |
Elastic Agent to proxy to Elasticsearch | Agents have network restrictions that prevent connecting outside of the Elastic Agent network. Note that Logstash as proxy is one option. |
Elastic Agent to Elasticsearch with Kafka as middleware message queue | Kafka is your middleware message queue: |
Logstash to Elasticsearch | You need to collect data from a source that Elastic Agent can’t read (such as databases, AWS Kinesis). Check out the Logstash input plugins. |
Elastic air-gapped architectures | You want to deploy Elastic Agent and Elastic Stack in an air-gapped environment (no access to outside networks). |