I am using packetbeat in af_paket traffic capturing mode, which give me about 30% CPU footprint on single core instance when I go for http and mysql monitoring only. As soon as I increase more header and cookie capture in http, CPU goes a little bit higher.
I am getting lots of "WARN Response from unknown transaction. Ignoring" warnings too, looks like packetbeat ignores already established connection's communication.
I am unable to find any documentation which can help me in setting up a dedicated server for packetbeat and how can I forward traffic from application servers to packetbeat instance.
Would be great if you guys can include this in documentation.
Packetbeat version info, I am using "1.0.0-beta3 (amd64)" on ubuntu 14.04.