Help on ELK Cluster Setup

inhinyera16 · February 13, 2018, 8:15am

We have this small setup of ELK Cluster in Production.

ES Nodes : 4
	- 3 Master/Data Eligible nodes
	- 1 Coordinating node
Logstash : 3
	- Each running on 3 Master/Data Eligible nodes
	- LoadBalancer Enabled
		- Performs load balance to our 3 ES servers
	- Persistent Queus Enabled	
		- queue.type: persisted
		- queue.max_events: 1000
		- queue.max_bytes: 8gb
Kibana : 1
	- Running on coordinating node machine.
	
Filebeat : 5/19 installed from different servers
	- multiline_max_lines : 1000

We noticed that, whenever we add few more filebeat source, few events are coming in, sometimes there no events after all from other sources.
For example, we have a new beat source with 50k events to load in the cluster. The other sources goes to 10, a little higher or lower than that.
Then right after maybe 2 and half hours, its stable. Events are coming in smoothly. What might be the issue? Any ideas?

system · March 13, 2018, 8:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Two Logstash nodes. Same config. Persistent queue filling only in one of them Logstash	2	143	January 30, 2024
High cpu load, just a one node working on 100% Elasticsearch	3	315	April 25, 2022
Elasticsearch Cluster Timeouts Elasticsearch	14	2560	September 14, 2018
Filebeat traffic overwhelms ELK stack? Elasticsearch	1	730	February 14, 2017
Slow indexing speed, possibly related to filebeat misconfiguration Beats docker , filebeat	5	1000	April 7, 2023

Help on ELK Cluster Setup

Related Topics