Is it possible to control the interval logstash send data to elasticsearch?

Wang_Yin · May 8, 2023, 6:03pm

I'm very new to ELK, I'd like to know is it possible to control the interval logstash send data to elasticsearch?

For example, I have a simple logstash config file running in /etc/logstash/conf.d folder:

input {
  file {
       path => ["/usr/share/logstash/ncs.log"]
       tags => ["ncs"]
       start_position => "beginning"
  }
}

output {
  if "ncs" in [tags] {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["https://12.34.56.78"]
    index => "ncs-test-%{+YYYY.MM}"
  }
}
}

I noticed that logstash keeps sending the content of /usr/share/logstash/ncs.log to elasticsearch every 0.5 second, even when there's no change to that file. Can I change that interval, say from 0.5 second to 300 seconds?

I tried using stat_interval => 300 and discover_interval => 300 in Input plugin, but to no avail (and I'm not sure if it's the correct way to control the interval logstash send data to elasticsearch).

Any help or guidance will be greatly appreciated!

Rios · May 9, 2023, 8:13am

Should be on the level LS configuration not a .conf file.
Check pipeline.batch.delay and pipeline.batch.size and this.

system · June 6, 2023, 8:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.