Did anyone test performance of packetbeat?


I am curious to know the performance of packetbeat. If anyone has tested with more requests, could you please post metrics and capabilities of packetbeat, like how many requests you tried and what the CPU and network utilisation of packetbeat is?


Dear Harsha,

Even I am curious about the same. I am using packetbeat to monitor an HTTP application, and packetbeat consumes somewhere between 5~20% CPU, and network load is huge since it also logs the request parameters.

Network load will be a combination of request, type of request and # of requests over time.

Let me know if more information is needed.


Thank you @talk2cshah for sharing this info. On this occasion, I would also like to encourage the other users to share here the CPU usage of any of the Beats, not only Packetbeat.

Unfortunately we don't have any official numbers for Packetbeat, but when we tested last time it was in the same range as @talk2cshah described. We are planning to do some proper benchmarking of all Beats.

Thanks @monica. Keep me posted on the progress of benchmarking. I think it is really important to win customer and CXO mindset and overcome their objections.

If we take a POC approach everywhere, it is kind of difficult for selling...


I tested with nginx (http) at various loads. I can see that for
500 requests/sec it is taking approx 10% CPU (on 8 core CPU Intel 3.16GHz) and 350MB RAM
1000 requests/sec it is taking approx 15% CPU (on 8 core CPU Intel 3.16GHz) and 400MB RAM
1500 requests/sec it is taking approx 20% CPU (on 8 core CPU Intel 3.16GHz) and 450MB RAM
For 2000 req/sec on a single interface, I can see loss of transactions from packetbeat (discussing the loss in another thread, still debugging).
About network utilisation: outgoing bandwidth, in case the output is configured outside of this machine, is around 10MBps for 2000req/sec.

Note: All this load was on nginx default page(/) which is a static html page.

Thanks for the info.

Are you running on a VM or bare-metal? Machine specs?

Which output are you using with packetbeat (btw. we just merged gzip compression to elasticsearch output)?

Hi Harsha,

What is your assessment in terms of resource utilization? Any objection around it by the team or customer,
or compared against any tool?


I am running nginx and packetbeat inside docker containers, and the output we are using is redis.
Machine specs: 8 core 3.16GHz processor, 16GB RAM, 1Gig network card.

Need to discuss with the team a little bit more and see if there is any other architecture we can use to speed it up.

Keep us posted on your findings...

Which packetbeat version are you testing with? Version 5.x adds flows support (can be disabled) which might slow down processing a bit (to be optimized before GA), but the HTTP parser has been enhanced a little. Getting some packetbeat profiling would be nice. Profiling requires some golang environment being set up, but can be done remotely.

How much CPU does packetbeat take when processing ~2000req/sec? Seeing packet loss with packetbeat not even using 100% CPU hints at the output queues starting to block or the sniffer implementation being inefficient (too much waiting due to the poll syscall).

In pre-5.0-alpha releases, the output queues were able to block the processing of new packets. This has been changed to: drop the transaction if the output queue is full (https://github.com/elastic/beats/blob/master/packetbeat/publish/publish.go#L53), but continue processing packets. This should help with packet-loss itself and packetbeat dropping internal stream state. Testing packetbeat with file output or console output to /dev/null (output prints to stdout, logging system prints to stderr) would be interesting.

The sniffer is currently implemented by: https://github.com/tsg/gopacket
The package contains a sample tool, in the subdirectory examples/pcapdump, that sniffs packets and prints some stats every N packets.
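
The drop-instead-of-block behaviour described in the reply above, as an added Go example that is not part of the thread and not Packetbeat's own code. `Publisher`, `TryPublish`, `Drain`, `Simulate`, the queue size of 2000 and the output rate of 1500 per tick are hypothetical, constructed values; the point is that every drop is counted, so the loss of monitoring visibility can be measured instead of passing silently.

```go
package main

import "fmt"

// Transaction is a hypothetical stand-in for one decoded request/response pair.
type Transaction struct{ ID int }

// Publisher is a hypothetical bounded output queue (not Packetbeat's type).
type Publisher struct {
	queue         chan Transaction
	Sent, Dropped int
}

// TryPublish never blocks: on a full queue the transaction is dropped and counted.
func (p *Publisher) TryPublish(t Transaction) bool {
	select {
	case p.queue <- t:
		p.Sent++
		return true
	default:
		p.Dropped++
		return false
	}
}

// Drain models the output shipping at most n queued transactions.
func (p *Publisher) Drain(n int) {
	for ; n > 0 && len(p.queue) > 0; n-- {
		<-p.queue
	}
}

// Simulate: each tick inPerTick transactions arrive, then the output drains outPerTick.
func Simulate(queueSize, ticks, inPerTick, outPerTick int) (sent, dropped int) {
	p := &Publisher{queue: make(chan Transaction, queueSize)}
	for t := 0; t < ticks; t++ {
		for i := 0; i < inPerTick; i++ {
			p.TryPublish(Transaction{ID: t*inPerTick + i})
		}
		p.Drain(outPerTick)
	}
	return p.Sent, p.Dropped
}

func main() {
	for _, rate := range []int{500, 1000, 1500, 2000} { // constructed load levels
		s, d := Simulate(2000, 10, rate, 1500)
		fmt.Printf("in=%d/tick sent=%d dropped=%d\n", rate, s, d)
	}
}
```

In this model nothing is dropped until arrivals exceed what the output drains; past that point the queue only absorbs the first burst and the drop counter grows every tick.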
