Benchmarking ELK 6.3

rajisankar · November 8, 2018, 10:50pm

Hi,

I am running a 3-node ELK 6.3 cluster. The use case is simple and generic. A bunch of machines generate logs, Filebeat ships those logs to one Logstash instance (What!! can Logstash handle it? yes, for now, Elasticsearch seems to be the bottleneck) which sends to Elasticsearch.

I have a set of automated scripts that start the benchmarking, runs for a while and the x-pack monitoring dashboard gives me the indexing speed, CPU Utilization %, Memory Usage et al.

I came across Rally today and was intrigued as it was Out-of-box solution for benchmarking Elasticsearch. But, that seems to be very specific to Elasticsearch. I would be happy to just benchmark my Elasticsarch for now, but i need the whole workflow. Logs shipped from filebeat->Logstash->Elasticsearch.

Is this possible to do with Rally? We can create custom tracks in Rally but those seem to have data files in the tracks. This translates to having all logs in the track, but can these custom tracks be used to generate logs, have filebeat, logstash do its thing and we just benchmark the Elasticsearch? If it is possible, i would just call my automated scripts in these tracks which initiates the log generation process.

Also, any reviews on Rally, like how easy it is to use? Issues faced etc would be highly appreciated.

danielmitterdorfer · November 16, 2018, 9:49am

Hi Raji,

you are correct that Rally is meant to benchmark Elasticsearch directly. At the moment it cannot handle the use-case that you are after because you actually want to benchmark multiple products at once. Btw, you can actually generate data on the fly as well with Rally and don't need to create data files completely upfront but it is still Rally that applies the load and you'd need to mimic Filebeat's or Logstash's behavior and this may or may not be practical.

For your benchmark I suggest you read Seven Tips for Better Elasticsearch Benchmarks. While the topic of the blog post is Elasticsearch, there are several tips in there that apply to benchmarking in general. Specifically, I suggest you checkout the USE method to identify where your actual bottleneck is. If it turns out that Elasticsearch is indeed the bottleneck, we have documented a few tuning tips for indexing speed.

Daniel

system · December 14, 2018, 9:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.