Hi,
we have simple Elasticsearch installation (data + logstash + kibana). I have installed vnstat on all of them to see how much data flows between/to/from them. I expected to have logstash on top of the list (along with data) but it turned out kibana is just behind them. Can anyone tell me why is that ?
Not sure tbh (not super familiar with Kibana internals), but kibana proxies a lot of data from the server to the client. E.g. all vizualizations execute aggregations, proxy the result back to the client which transforms it into the chart/graph.
There's also a certain amount of traffic checking mappings, min/max data of indices, index health, saving kibana config, etc.
We are not that active in Kibana. Besides I measure amount of data received and sent on the Ethernet interface on both Kibana and Logstash. I thought logstash should receive much more data on eth0 than kibana. The statistics were taken between Friday and Monday so on weekend there is little (or non) Kibana activity (in terms of reporting for us).
Is there any doc/whitepaper which tells more about how data flows between each Elasticsearch component ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.