Filebeat performance issue

kalman · May 21, 2017, 6:43am

I'm using filebeat 5.4.4 on windows to harvest from log file directly to elastic stack, the requirement is that the logs come in to elastic as soon as possible (near real-time).
for some reson the logs only show up in kibana about 5 seconds later, after the events come in the last one comes in with a additional delay of a second

my filebeat cofig:

filebeat.prospectors:
- input_type: log
  paths:
    - C:\var\log\*.log

    exclude_lines: ["^}"]
   fields:
      Host: myhost
   fields_under_root: true
filebeat.idle_timeout: 500ms
output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "my-index-%{+yyyy.MM.dd}"
  pipeline: my_pipeline
  template.name: "my_template"
  template.enabled: true

ruflin · May 22, 2017, 1:19pm

Have a look at the backoff variables: https://www.elastic.co/guide/en/beats/filebeat/5.4/configuration-filebeat-options.html#_backoff

kalman · May 23, 2017, 9:53am

thank you for the replay, I saw some difference in performance
Is there a recommended setting that is recommended for events to come in near real time and not make the system overload

I set the backoff to 500ms
and max_backoff to 2s

can I set max_backoff to 500ms?

ruflin · May 23, 2017, 1:57pm

I would not recommend a backoff < 1s but there is no lower limit. As you mentioned correctly, the lower the number the higher the overhead. Best test it on your system on how far you can go ...

Topic		Replies	Views
Filebeat publishing events delay (windows) Beats filebeat	2	589	June 19, 2017
Filebeat sends logs with delay Beats filebeat	2	1675	August 29, 2022
How to reduce filebeat lag time? Beats filebeat	6	6568	March 2, 2017
Filebeat is not reading the log file in real time Beats filebeat	14	5928	February 16, 2021
Suggestion improving filebeat performance Beats filebeat	3	1263	November 24, 2017

Filebeat performance issue

Related topics