Grok too slow? [solved]

MikeC · June 9, 2016, 3:39pm

Hi,

There was suggested in this thread that my grok might cause issues with the performance of my filebeat/logstash/elasticseach setup.

This is my config file

    // more if [source] checks are here
    // ....
    } else if [source] == "/var/log/upstart/webservices.log" {
        grok {
            match => {
                "message" => ".*Average per file: %{NUMBER:webservice_per_file_ms1:int} ms"
            }
        }
        mutate {
            remove_tag => [
                "beats_input_codec_plain_applied"
            ]
            remove_field => [
                "offset",
                "count",
                "audit_type",
                "message",
                "input_type",
                "beat"
            ]
        }
    }

Does anything seem un-optimized ?

magnusbaeck · June 10, 2016, 5:48am

No, I don't think there's any significant optimization potential here. Dropping the leading .* could help.

MikeC · June 10, 2016, 9:36am

thanks ! ill remove that