Commonly used ELK / EFK architecture

Infrastructure:
1 / Kibana ----> elasticsearch ----> Logstash (collection)

2 / Kibana ----> elasticsearch ----> filebeat (collection)

3 / Kibana ----> elasticsearch ----> Logstash (filtered) ----> filebeat (collection)

Extended Architecture:
1 / Kibana ----> elasticsearch ----> Logstash (filter) ----> redis (cache) ----> Logstash (collection)

2 / Kibana ----> elasticsearch ----> Logstash (filtered) ----> redis (cache) ----> filebeat (collection)

3 / Kibana ----> elasticsearch ----> Logstash (filtered) ----> redis (cache) ----> Logstash (forward) ---- filebeat (collection)