i have 3 nodes with the following config,
Logs are received via filebeat with load balancer setup.
output.logstash:
hosts: ["node1", "node2", "node3"]
loadbalance: true
it’s currently processing about 30,000 in/out messages per second.
i’m not sure if this is fast or slow? Do you have any suggestions on how I could possibly improve the performance?
Hello,
30K logs per second seams quick. I have have a lab Graylog VM server with 12 CPU’s, 10 GB memory, and 1 TB HDD. I process about 1500-2000 per second. and a average of 30GB day.
As for improving it, not sure. Everyone environment can be different. This all depends on what devices are sending logs/syslogs, what type on INPUT used ( GELF TCP/TLS could posibably create a lot of fields), GROK patterns configured on INPUT/s, Pipelines, etc… Maybe more details about your setup would be helpfull.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.