I am new to ELK. I have set up Kibana, Logstash and Elasticsearch on a server and it receives data from a series of VMs on AWS with Filebeat.
I have configured a few prospectors in Filebeat on each VM to collect logs from different locations in the VM. Those logs from different locations will be stored in different indices respectively. It seems to me that certain log collection has some delay. Some logs do not appear in ELK even an hour after they have been generated on the VM.
I want to minimize the delay but I don't know where to start. The CPU, RAM and network usage on the ELK server and on AWS is not significantly drained during the day, but still it seems that the log collection rate is not fast enough. So I don't know where to improve.
Any advice?
What instance types are you using? What type and size of storage are you using? How many indices are you actively indexing into?
I have only one single node... it should be the master node. We use internal HDDs of the server as the storage and it is about 2TB. It is used up about 13% only. We have 8 active indices. We are collecting logs from about 14 VMs around the world.
Indexing is often I/O intensive so I would recommend looking at disk utilisation and iowait.
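As an added example (not from the original thread), the following shell snippet shows how to measure the iowait share suggested above directly from `/proc/stat` on the Elasticsearch node, without relying on `iostat` being installed. The `iowait_pct` function takes two samples of the aggregate `cpu` line and returns the percentage of elapsed CPU time spent waiting on I/O between them; the two sample lines embedded below are constructed for illustration, and `live_iowait_pct` wraps the same calculation around a real pair of readings.

```bash
#!/bin/sh
# Compute the percentage of CPU time spent in iowait between two samples of
# the aggregate "cpu" line from /proc/stat.
# Field layout: cpu user nice system idle iowait irq softirq steal guest guest_nice
# Only fields 2..9 are summed (guest time is already counted inside user/nice).
iowait_pct() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { for (i = 2; i <= 9; i++) t1 += $i; w1 = $6 }
        NR == 2 { for (i = 2; i <= 9; i++) t2 += $i; w2 = $6 }
        END {
            dt = t2 - t1          # total jiffies elapsed across all CPUs
            dw = w2 - w1          # jiffies spent in iowait
            if (dt <= 0) { print 0; exit }
            printf "%d\n", (dw * 100) / dt
        }'
}

# Sample /proc/stat for INTERVAL seconds (default 1) and report live iowait%.
live_iowait_pct() {
    interval="${1:-1}"
    first=$(head -n 1 /proc/stat)
    sleep "$interval"
    second=$(head -n 1 /proc/stat)
    iowait_pct "$first" "$second"
}

# Constructed sample lines (not real readings): between the two samples
# 2000 jiffies elapsed, of which 1200 were iowait, i.e. 60%.
SAMPLE_A="cpu 1000 0 500 8000 500 0 0 0 0 0"
SAMPLE_B="cpu 1200 0 600 8500 1700 0 0 0 0 0"

echo "iowait over constructed samples: $(iowait_pct "$SAMPLE_A" "$SAMPLE_B")%"
# Uncomment on a Linux host to take a real 5-second reading:
# echo "live iowait: $(live_iowait_pct 5)%"
```

A sustained double-digit iowait percentage on a single-node cluster backed by spinning disks, while CPU and network look idle, is consistent with indexing being throttled by the storage rather than by the network path from Filebeat. Pairing this with per-device figures from `iostat -x` (await and %util) shows whether the 2TB HDD volume is the saturated device.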