Elastic Agent to Logstash to Kafka to Logstash to Elasticsearch: Kafka as middleware message queue

Image showing connections between {{agent}} and {{es}} using a Kafka messaging queue

Ingest model

Control path: Elastic Agent to Fleet to Elasticsearch
Data path: Elastic Agent to Logstash to Kafka to Logstash to Elasticsearch: Kafka as middleware message queue.

Logstash reads data from Kafka and routes it to Elasticsearch clusters (and/or other destinations)

Use when

You are standardizing on Kafka as middleware message queue between Elastic Agent and {es}

Notes

The transformation from raw data to Elastic Common Schema (ECS) and any other enrichment can be handled by Logstash as described in Elastic Agent to Logstash (for enrichment) to Elasticsearch.

Resources ¶

Info on Elastic Agent and agent integrations:

Fleet and Elastic Agent Guide
Elastic Agent integrations

Info on Logstash and Logstash Kafka plugins:

Logstash Reference
Logstash {agent} input
Logstash Kafka input
Logstash Kafka output
Logstash Elasticsearch output

Info on Elasticsearch:

Elasticsearch Guide