Help on ELK Cluster Setup

inhinyera16 · February 13, 2018, 8:15am

We have this small setup of ELK Cluster in Production.

ES Nodes : 4
	- 3 Master/Data Eligible nodes
	- 1 Coordinating node
Logstash : 3
	- Each running on 3 Master/Data Eligible nodes
	- LoadBalancer Enabled
		- Performs load balance to our 3 ES servers
	- Persistent Queus Enabled	
		- queue.type: persisted
		- queue.max_events: 1000
		- queue.max_bytes: 8gb
Kibana : 1
	- Running on coordinating node machine.
	
Filebeat : 5/19 installed from different servers
	- multiline_max_lines : 1000

We noticed that, whenever we add few more filebeat source, few events are coming in, sometimes there no events after all from other sources.
For example, we have a new beat source with 50k events to load in the cluster. The other sources goes to 10, a little higher or lower than that.
Then right after maybe 2 and half hours, its stable. Events are coming in smoothly. What might be the issue? Any ideas?

system · March 13, 2018, 8:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Two Logstash nodes. Same config. Persistent queue filling only in one of them Logstash	2	143	January 30, 2024
Load balancing Logstash	1	1096	September 28, 2017
High cpu load, just a one node working on 100% Elasticsearch	3	318	April 25, 2022
Regarding Logstash Persistent Queus Logstash	1	259	June 22, 2018
Elasticsearch Cluster Timeouts Elasticsearch	14	2580	September 14, 2018

Help on ELK Cluster Setup

Related topics