Logstah throttle filter dropping messages indefinitely

rcanzanese · November 1, 2016, 4:11pm

Trying to use the throttle plugin in logstash to drop messages if I am receiving them at too high a rate. My goal is to:

drop excess messages if more than 100 received in a 10 second window

To accomplish this, I use the config below, but it doesn't do what I expected. Instead, when I start logstash, it allows the first 100 messages through and then throttles the rest indefinitely -- all the messages received after the first 100 are dropped. How do I accomplish the goal above?

logstash 2.4.0
throttle 4.0.1

filter {
  throttle {
    after_count => 100
    period => 10
    key => "%{type}"
    add_tag => "throttled"
  }
  if "throttled" in [tags] {
    drop { }
  }
}

jsvd · November 2, 2016, 10:14am

are you using multiple workers (-w > 1) ?

rcanzanese · November 2, 2016, 3:26pm

Yes, using multiple workers.

Thomas_Schneider · January 19, 2017, 12:12pm

+1
Same Question here

Topic		Replies	Views
Every message being throttled Logstash	1	298	July 6, 2017
Throttling plugin not working with lot of messages Logstash	11	709	May 9, 2022
Throttle filter: Notify on throttle Logstash	9	1077	February 21, 2021
Throttle Moving Window Logstash	2	395	August 18, 2017
How to drop delayed events beyond a certain threshold? Logstash	2	442	July 6, 2017

Logstah throttle filter dropping messages indefinitely

Related topics