Hi,
It's my first setup of Logstash,
I already have a 3 nodes ES cluster from a while, which receive Filebeat / Metricbeat datas.
I setup my Logstash server to receive Netflow (Small ISP size network w/ 6k customers), I use Pipeline from elastiFlow github project.
Actually my Logstash node got 12 vCPUs and 12Gb RAM and the only "tweak" I done is change this :
-Xms9g
-Xmx9g
in the jvm.options.
My node (from Kibana Xpack monitoring receive on avg 1300 flow/s) and have very high Load/CPU usage (load 1m at 15 constantly) and Memory is not used at full usage (3G available not cached).
The VM run on a 16vCPU physical server, which got high usage too, only due of the Logstash VM.
Do you have any recommandation to slow down a little bit the CPU and use all the ram ? I can add more ram if needed.
Thank you Elastic community !