Delay in beats documents to get stored into Elasticsearch

vipulnewaskar7 · July 11, 2019, 9:03am

Hello Guys,

I am having a monitoring stack, in which, I am sending beats data directly to elasticsearch without logstash in between.
Data sent by beats is not get stored in elasticsearch immediately. It lags ~4-5 Min, and lag increases further after certain period.
ElasticSearch Version: 6.7
I am not using for prod environment, hence, I have kept
only 1 master node, 1 data node and 1 client node.
Master and Data Node have 2-2 Gi of RAM and 1 Gi of heap space.
Client Node has 4 Gi RAM and 2 Gi heap space.

*I know this isn't a recommended architecture, but, I am using it just for dev environment at non-critical level, and I have to use this in limited resources.

What changes I should do in architecture/configuration like flush_time, queue_size, etc.?

vipulnewaskar7 · July 11, 2019, 1:04pm

One thing I have observed is,
When data is not reaching the elasticsearch,

Beats keep data stored in their queues/spools
when I restart elasticsearch client node, all of a sudden, data starts getting stored in the elasticsearch.

Just to give you an idea about the size of data,
It's hardly 10000 Documents per minute, each document being 2-3 kb
In short 20-30 MB per minute.

system · August 8, 2019, 1:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
About the time spent when output to elasticsearch Beats filebeat	7	802	September 5, 2018
Log file size of elasticsearch Elasticsearch	6	3748	July 5, 2017
Bottleneck Data Pipeline Beats filebeat	8	518	January 12, 2019
Filebeat to Elasticsearch log shipping is very slow Elasticsearch	9	2073	July 23, 2018
Beats configuration help Beats	6	335	March 11, 2020

Delay in beats documents to get stored into Elasticsearch

Related topics