Grok too slow? [solved]

MikeC · June 9, 2016, 3:39pm

Hi,

There was suggested in this thread that my grok might cause issues with the performance of my filebeat/logstash/elasticseach setup.

This is my config file

    // more if [source] checks are here
    // ....
    } else if [source] == "/var/log/upstart/webservices.log" {
        grok {
            match => {
                "message" => ".*Average per file: %{NUMBER:webservice_per_file_ms1:int} ms"
            }
        }
        mutate {
            remove_tag => [
                "beats_input_codec_plain_applied"
            ]
            remove_field => [
                "offset",
                "count",
                "audit_type",
                "message",
                "input_type",
                "beat"
            ]
        }
    }

Does anything seem un-optimized ?

magnusbaeck · June 10, 2016, 5:48am

No, I don't think there's any significant optimization potential here. Dropping the leading .* could help.

MikeC · June 10, 2016, 9:36am

thanks ! ill remove that

Topic		Replies	Views
Grok/logstash efficiency Logstash	5	989	September 11, 2018
Overcome 2600 msg/seconds with Logstash/Filebeat Logstash	3	1204	July 6, 2017
Grok performance problem when parsing dots, dashs, underscore Logstash	4	2025	November 3, 2017
Grok filter help! Logstash	5	526	September 15, 2018
Slow performance Logstash/Filebeat Beats filebeat	7	1287	October 14, 2022

Grok too slow? [solved]

Related topics