I upgraded ELK to 8.4.1 recently, from 8.3.2. I noticed that Filebeat is much slower reading our Zeek logs. I configured Filebeat to read from one Zeek log (conn.log) and output to the console (redirected to /dev/null). With 8.4.1 on a 500k record file it takes 79 seconds to process. I then downgraded to Filebeat 8.3.2 and ran the same test, and it finished in 45 seconds.