Hello team,
We are getting around 900gb of logs per per day and i want to process on realtime but in logstash i am getting circuit breaker as of now.. We have used 10 servers 4 for logstash and 6 for elasticsearch.. Logstash has 2 grok pattern and location filter.. Elasticsearch has 6 servers where, 3 are master+data and 2are only data and one is neither master no data.. All elasticsearch servers have 31g of ram and no modification is done either at elasticsearch end and logstash end.. But as data is increasing we are getting too much circuit breaker exception and stall slowdown error.. What is best architecture we can have and what configuration we can do at filebeat end and also at elasticsearch and at logstash end #elasticsearch #logstash #kibana #beats:filebeat as of now if i see at marvel i donot see indexing rate more than 8000/sec and also does any one suggest on messaging queue like kafka as in like beat > logstash with no filter->kafka with 2 day retention -> logstash withh filter and grok->elasticsearch ->kibana