Does the graylog server performance decrease if there are more Streams created with multiple rules?
As it goes with so many things in IT:
You can’t simply state that “performance decreases”. However, you can say that adding multiple streams, with rules and processing will require additional processing. If your systems have ample resources, this will pose no problems whatsoever! However, if your system is already struggling, then you’ll make problems worse
So yeah: it depends.
Thanks for the reply !!!
As mentioned by others, “it depends”. We currently run about 50 odd streams in our setup, most of them have very succinct stream rules (the most complicated one checks 1 field for equality, another field with a regex) and metrics show that it has barely any impact on performance.
Pipelines though… different story
Thanks for the reply !!
This helps. I have 10 Streams running and sometimes I feel the search results are slow (only sometimes). So was wondering if number of streams directly impact the performance.
I am trying to find out other possibilities causing the delay.
slow search is most time based on elasticsearch sending back the requested results slow … But give a meaningful answer to that without know your environment and queries is nearly impossible.
Search speed is an Elasticsearch thing. Streams are in essence nothing more than a field in the stored data that contains the ID’s of a stream a message “belongs” to.
What does your Elasticsearch setup look like?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.