Pure guess from fastest to slowest I would go with:
2,3,1
But that is pure guess, I would think you are not getting any interest because we're all very nerdy scientific-ish people who know that the only way to know is to benchmark it on a big enough sample to reveal variance, if any variance is to be found.
Consider that you can configure filebeat to output events to a local file or the console or filebeat own logs... To eliminate the factor of sending to a "true" output with latencies and all (which is not what you want to benchmark).
So you could, for example use a simple time command to start filebeat interactively in your terminal while it's configured to output to a really fast output mentioned above.
With a big enough input sample of like 50/50 events to be droped/kept, with the once command flag and a fast output, multiple runs to eliminate inter-test variance and outliers. I'm guessing you'd be able to time filebeat performance and get a definitive answer.
Appreciate the response! I was hoping whoever wrote the drop_event code to just know, but your guess is the same as mine. In a perfect world, all 3 would have the same runtime .
I'll stick to using #2, and if performance ever becomes a problem, I'll spend some time benchmarking. Thanks!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
.