I just started to learn and experiment with ELK in a logging-related
project at work.
The answer I am looking for is this: say I am shipping tons of data into
Logstash, doing some basic transformation, feeding the data into
Elasticsearch, and finally viewing a dashboard in Kibana. How long does this
whole process take under load pressure?
I know this is a very general problem statement and the answer is likely to
vary depending on machines, network, etc. But I want to find a generic
way to measure this, so that I can then tweak different machine/network
configurations.
What I have in mind is this:
1. record the timestamp when generating the log entry, say t1
2. add another timestamp in Logstash, say t2
3. somehow figure out a third timestamp t3, which is the time when the log
   entry is available in Kibana.
Then I will monitor the differences among t1, t2, and t3 in Kibana (assuming
the time on all machines is in sync), while scaling up the log (load)
generator.
Does this sound like a viable approach? If so, can you help me with some
instructions on how to get t2 and t3? (I have been struggling with this
step)
That seems like a sane idea, however adding the 3rd timestamp might be hard.
It'd probably be easier to let ES generate @timestamp and then leverage
that as your end point timestamp, as KB is simply pulling the data from ES.
It seems that Logstash will also generate a default @timestamp if there is
no timestamp in the log itself; I will leverage that too.
I will also look at the bigdesk plugin to identify Elasticsearch system to
see at what moment resources are exhausted. Hopefully this combination can
give us some interesting result.
Yiming
On Thursday, January 29, 2015 at 2:01:05 PM UTC-8, Mark Walkom wrote:
That seems like a sane idea, however adding the 3rd timestamp might be
hard.
It'd probably be easier to let ES generate @timestamp and then leverage
that as your end point timestamp, as KB is simply pulling the data from ES.
On 29 January 2015 at 14:19, Yiming Li <nicn...@gmail.com> wrote:
Dear all,
I just started to learn and experiment with ELK in a logging-related
project at work.
The answer I am looking for is this: say I am shipping tons of data into
Logstash, doing some basic transformation, feeding the data into
Elasticsearch, and finally viewing a dashboard in Kibana. How long does this
whole process take under load pressure?
I know this is a very general problem statement and the answer is likely to
vary depending on machines, network, etc. But I want to find a generic
way to measure this, so that I can then tweak different machine/network
configurations.
What I have in mind is this:
1. record the timestamp when generating the log entry, say t1
2. add another timestamp in Logstash, say t2
3. somehow figure out a third timestamp t3, which is the time when the
   log entry is available in Kibana.
Then I will monitor the differences among t1, t2, and t3 in
Kibana (assuming the time on all machines is in sync), while scaling up the
log (load) generator.
Does this sound like a viable approach? If so, can you help me with some
instructions on how to get t2 and t3? (I have been struggling with this
step)
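
The measurement discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that takes documents carrying the three timestamps and reports per-stage latency percentiles. The field names t1, t2, t3 and the sample documents are constructed assumptions; documents with a missing timestamp or a negative delta (clocks out of sync) are counted separately instead of being averaged in.

```python
import math
from datetime import datetime

# Constructed sample documents. Field names t1/t2/t3 follow the thread's
# naming and are assumptions, not fields Logstash or Elasticsearch create.
SAMPLE_DOCS = [
    {"t1": "2015-01-29T22:00:00.000Z", "t2": "2015-01-29T22:00:00.120Z", "t3": "2015-01-29T22:00:01.300Z"},
    {"t1": "2015-01-29T22:00:01.000Z", "t2": "2015-01-29T22:00:01.200Z", "t3": "2015-01-29T22:00:02.100Z"},
    {"t1": "2015-01-29T22:00:02.000Z", "t2": "2015-01-29T22:00:02.950Z", "t3": "2015-01-29T22:00:06.950Z"},
    {"t1": "2015-01-29T22:00:03.000Z", "t2": "2015-01-29T22:00:02.900Z", "t3": "2015-01-29T22:00:03.500Z"},  # t2 before t1
    {"t1": "2015-01-29T22:00:04.000Z", "t2": "2015-01-29T22:00:04.100Z"},  # t3 missing
]

def parse(ts):
    """Parse an ISO 8601 UTC timestamp with fractional seconds."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")

def percentile(values, p):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(values)
    return ordered[max(0, math.ceil(p / 100 * len(ordered)) - 1)]

def summarize(docs):
    """Per-stage latency in seconds, plus counts of rejected documents."""
    stages = {"t1_to_t2": [], "t2_to_t3": [], "t1_to_t3": []}
    incomplete = skewed = 0
    for doc in docs:
        try:
            t1, t2, t3 = (parse(doc[k]) for k in ("t1", "t2", "t3"))
        except (KeyError, ValueError, TypeError):
            incomplete += 1  # a timestamp is missing or unparseable
            continue
        if not t1 <= t2 <= t3:
            # A negative delta means the clocks disagree; averaging it in
            # would hide the skew instead of exposing it.
            skewed += 1
            continue
        stages["t1_to_t2"].append((t2 - t1).total_seconds())
        stages["t2_to_t3"].append((t3 - t2).total_seconds())
        stages["t1_to_t3"].append((t3 - t1).total_seconds())
    report = {name: {"p50": percentile(v, 50), "p95": percentile(v, 95), "max": max(v)}
              for name, v in stages.items() if v}
    report["incomplete"], report["skewed"] = incomplete, skewed
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_DOCS))
```

A rising `skewed` count while the load generator scales up points at clock drift between hosts, which would otherwise distort every latency figure.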