I want to know the best practices for Filebeat configuration. Actually, there is one production server where I have to set up Filebeat. I want to configure Filebeat in such a way that when I start the Filebeat service, it won't consume a high volume of CPU and memory. I don't want Filebeat to harm the production server in any way.
The logs that Filebeat will ship are around 4 gb per day. I need your guidance here.
You didn't say if your server is Linux or Windows.
The default Linux config shouldn't have any performance issues shipping 4Gb a day.
Install from packages and use systemctl to start the service at boot. Have a reasonable test environment before making production changes. If you have a fleet of similar servers, configure all with something like Ansible to ensure the desired configuration state.
"Not harm the server in any way" is open to interpretation. No matter what, if something happens on that server after you install Filebeat, in many installations you will be blamed even if it's not related.
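One way to bound what the Filebeat service can consume when it runs under systemd, shown as an added example that is not from any poster in this thread: a Filebeat-side fragment (`max_procs`, in-memory queue size) plus a systemd drop-in that makes the kernel enforce the caps. The file names, the staging layout and every numeric value are assumptions for illustration.

```shell
#!/bin/sh
# Stage Filebeat resource caps in a scratch directory for review before
# copying them to a host. All numeric values are illustrative assumptions.

stage_filebeat_limits() {
    out="$1"
    dropin="$out/etc/systemd/system/filebeat.service.d"
    mkdir -p "$out/etc/filebeat" "$dropin" || return 1

    # Filebeat side: settings to merge into the top level of filebeat.yml.
    cat > "$out/etc/filebeat/limits.fragment.yml" <<'EOF'
max_procs: 1            # at most one CPU core executing at a time
queue.mem:
  events: 2048          # cap on events buffered in memory
  flush.min_events: 512
  flush.timeout: 5s
EOF

    # Kernel side: cgroup caps that hold even if Filebeat misbehaves.
    cat > "$dropin/limits.conf" <<'EOF'
[Service]
CPUQuota=25%
# MemoryMax needs cgroup v2; on cgroup v1 hosts use MemoryLimit= instead.
MemoryMax=512M
Nice=10
EOF
}

# Return 0 only if both layers of limits are present in the staged tree.
limits_staged() {
    out="$1"
    unit="$out/etc/systemd/system/filebeat.service.d/limits.conf"
    grep -q '^max_procs: 1' "$out/etc/filebeat/limits.fragment.yml" &&
        grep -q '^CPUQuota=' "$unit" &&
        grep -q '^MemoryMax=' "$unit"
}

# Demo run: stage into a temporary directory and list the files written.
demo_dir="$(mktemp -d)" &&
    stage_filebeat_limits "$demo_dir" &&
    limits_staged "$demo_dir" &&
    find "$demo_dir" -type f
```

After copying the drop-in into place, `systemctl daemon-reload` followed by a restart of the service applies it, and `systemctl show filebeat -p MemoryMax -p CPUQuotaPerSecUSec` confirms the caps are active.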
Although, to be on the safer side, I have updated max_proc to 1. I hope it will be able to ship the data smoothly.
One more question: how much data can be shipped by Filebeat in the following cases: