Logstash 7.5.1 High CPU Usage

chris_g · January 7, 2020, 7:43pm

I recently upgraded Elastic from 7.0.1 to 7.5.1. Elasticsearch and Kibana had no issues but I am having some trouble with Logstash.

When I run Logstash 7.0.1, no issues. Everything works as normal. Then, I upgraded to 7.5.1 and my CPU went through the roof. My CPU sits at 100% utilization when starting/running Logstash. We are still in pre-prd, so I have a pretty basic setup. We ingest about 15 documents a minute, so it is not ingestion volume that is causing this high utilization.

The config directory is exactly the same between 7.0.1 and 7.5.1. The logs for 7.5.1 don't indicate anything fishy going on either. I have attached it below. Any thoughts would be very helpful. Thanks.

logstash-plain.log for Logstash 7.5.1

[2020-01-07T14:25:54,661][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-01-07T14:25:54,699][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.5.1"}
[2020-01-07T14:26:03,790][INFO ][org.reflections.Reflections] Reflections took 90 ms to scan 1 urls, producing 20 keys and 40 values 
[2020-01-07T14:26:07,358][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@localhost:9200/]}}
[2020-01-07T14:26:08,098][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2020-01-07T14:26:08,221][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>7}
[2020-01-07T14:26:08,228][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-01-07T14:26:08,384][WARN ][logstash.outputs.elasticsearch] DEPRECATION WARNING: Connecting to an OSS distribution of Elasticsearch using the default distribution of Logstash will stop working in Logstash 8.0.0. Please upgrade to the default distribution of Elasticsearch, or use the OSS distribution of Logstash {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2020-01-07T14:26:08,456][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2020-01-07T14:26:08,493][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@localhost:9200/]}}
[2020-01-07T14:26:08,508][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2020-01-07T14:26:08,517][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>7}
[2020-01-07T14:26:08,543][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-01-07T14:26:08,637][WARN ][logstash.outputs.elasticsearch] DEPRECATION WARNING: Connecting to an OSS distribution of Elasticsearch using the default distribution of Logstash will stop working in Logstash 8.0.0. Please upgrade to the default distribution of Elasticsearch, or use the OSS distribution of Logstash {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2020-01-07T14:26:08,674][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2020-01-07T14:26:09,181][INFO ][logstash.outputs.elasticsearch] Using default mapping template
[2020-01-07T14:26:09,333][INFO ][logstash.outputs.elasticsearch] Index Lifecycle Management is set to 'auto', but will be disabled - Index Lifecycle management is not available in your Elasticsearch cluster
[2020-01-07T14:26:09,337][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2020-01-07T14:26:09,466][INFO ][logstash.outputs.elasticsearch] Using default mapping template
[2020-01-07T14:26:09,586][INFO ][logstash.outputs.elasticsearch] Index Lifecycle Management is set to 'auto', but will be disabled - Index Lifecycle management is not available in your Elasticsearch cluster
[2020-01-07T14:26:09,587][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2020-01-07T14:26:10,128][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been create for key: cluster_uuids. This may result in invalid serialization.  It is recommended to log an issue to the responsible developer/development team.
[2020-01-07T14:26:10,146][INFO ][logstash.javapipeline    ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["D:/ELK/logstash-7.5.1/config/logstash.conf"], :thread=>"#<Thread:0x677e4b9e run>"}
[2020-01-07T14:26:12,624][INFO ][logstash.inputs.beats    ] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[2020-01-07T14:26:13,656][INFO ][logstash.javapipeline    ] Pipeline started {"pipeline.id"=>"main"}
[2020-01-07T14:26:14,581][INFO ][org.logstash.beats.Server] Starting server on port: 5044
[2020-01-07T14:26:15,580][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-01-07T14:26:20,134][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

logstash.conf file

input {

	jms {
		type => "jms"
        yaml_file => "D:\ELK\logstash-7.0.1\config\jms.yml"
        yaml_section => "activemq"
		interval => 0
        destination => "preprod.logging.event.q.1"
        pub_sub => false
        include_header => false
        include_properties => false
        include_body => true
        use_jms_timestamp => true
      }
	  
	jms {
		type => "jms"
        yaml_file => "D:\ELK\logstash-7.0.1\config\jms.yml"
        yaml_section => "activemq"
		interval => 0
        destination => "tst.event.logging.q.1"
        pub_sub => false
        include_header => false
        include_properties => false
        include_body => true
        use_jms_timestamp => true
      }
	  
	beats {
		type => "beats"
	    port => 5044
      } 
}

filter {

	if [type] == "beats"{
		
		if [log][file][path] =~ /(dcma-all.log)/ or [log][file][path] =~ /(dcma-user.log)/ {
			grok {
				match => { "message" => "%{IPV4:ephesoftVersion} %{CISCO_REASON:operatingSystem} %{TIMESTAMP_ISO8601:date} %{LOGLEVEL:logLevel}  (?<container>[^\s]+) %{JAVACLASS:javaClass} \- %{GREEDYDATA:body}" }
			}
		} 
		
		else if [log][file][path] =~ /(dcma_report_all.log)/ {
			grok {
				match => { "message" => "%{IPV4:ephesoftVersion} %{CISCO_REASON:operatingSystem} \[%{WORD:logLevel} %{DATESTAMP:date}]\ %{NOTSPACE:javaClass} \- %{GREEDYDATA:body}" }
			}
		}
		
		else {
			grok {
				match => { "message" => "%{TIMESTAMP_ISO8601:date} %{WORD:logLevel} (?<container>[^\-]+) \- %{GREEDYDATA:body}" }
			}
		}

		date {
			match => [ "date", "dd/MM/yyyy HH:mm:ss,SSS", "ISO8601" ]
		}
		
	}
	
	if [type] == "jms"{
	
		json{
			source => "message"
			remove_field => ["message"]
		}
		
	}
}

output {

	if [type] == "jms"{
		elasticsearch {
			hosts => ["http://localhost:9200"]
			index => "talendesb-log"
			user => "myUsername"
			password => "myPassword"
		}
	}
	
	if [type] == "beats"{
		elasticsearch {
			hosts => ["http://localhost:9200"]
			index => "ephesoft-log"
			user => "myUsername"
			password => "myPassword"
		}
	}
}

Badger · January 7, 2020, 8:04pm

I would start by taking a look at the hot threads API.

chris_g · January 7, 2020, 9:07pm

Thanks for your response. I ran the command and here is the output. Included only the top 2 results as the reply was too big. I suspect line 4 and line 65 are the culprits here...any ideas as to why both of these are at > 70%?

::: {}
Hot threads at 2020-01-07T16:00:13-05:00, busiestThreads=10:
================================================================================
74.03 % of cpu usage, state: runnable, thread name: '[main]<jms', thread id: 29
        java.util.concurrent.CopyOnWriteArrayList.iterator(CopyOnWriteArrayList.java:1078)
        org.apache.activemq.ActiveMQSession.checkMessageListener(ActiveMQSession.java:2178)
        org.apache.activemq.ActiveMQMessageConsumer.checkMessageListener(ActiveMQMessageConsumer.java:898)
        org.apache.activemq.ActiveMQMessageConsumer.receiveNoWait(ActiveMQMessageConsumer.java:678)
        sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:498)
        org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:440)
        org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:304)
        org.jruby.java.invokers.InstanceMethodInvoker.call(InstanceMethodInvoker.java:36)
        java.lang.invoke.LambdaForm$DMH/77334939.invokeVirtual_L5_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/411721666.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/667447085.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/307046074.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/667447085.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/307046074.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1939770262.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.jruby_minus_jms_minus_1_dot_3_dot_0_minus_j
ava.lib.jms.message_consumer.RUBY$method$get$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/jruby-jms-1.3.0-java/lib/jms/m
essage_consumer.rb:27)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/1633717786.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2005537360.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.jruby_minus_jms_minus_1_dot_3_dot_0_minus_j
ava.lib.jms.message_consumer.RUBY$method$each$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/jruby-jms-1.3.0-java/lib/jms/
message_consumer.rb:69)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/461118575.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/130096434.guardWithCatch(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2136985577.identity_L(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/331418503.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/733357076.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/331418503.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/733357076.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/376187927.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_jms_minus_3_dot_
1_dot_2_minus_java.lib.logstash.inputs.jms.RUBY$method$run$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-j
ms-3.1.2-java/lib/logstash/inputs/jms.rb:234)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_jms_minus_3_dot_
1_dot_2_minus_java.lib.logstash.inputs.jms.RUBY$method$run$0$__VARARGS__(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/logs
tash-input-jms-3.1.2-java/lib/logstash/inputs/jms.rb)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$MH/1087279177.invokeExact_MT(LambdaForm$MH)
        org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:91)
        org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:90)
        org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:183)
        java.lang.invoke.LambdaForm$DMH/189215452.invokeVirtual_L6_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/632521219.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$reinvoker/933869191.dontInline(LambdaForm$reinvoker)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$reinvoker/933869191.dontInline(LambdaForm$reinvoker)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2005537360.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$inputworker$0(D:/ELK/log
stash-7.5.1/logstash-core/lib/logstash/java_pipeline.rb:322)
--------------------------------------------------------------------------------
73.52 % of cpu usage, state: runnable, thread name: '[main]<jms', thread id: 31
        org.jruby.RubyHash.hashValue(RubyHash.java:504)
        org.jruby.RubyHash.internalGetEntry(RubyHash.java:577)
        org.jruby.RubyHash.internalGet(RubyHash.java:571)
        org.jruby.RubyHash.op_aref(RubyHash.java:1172)
        java.lang.invoke.LambdaForm$DMH/1938974193.invokeVirtual_L3_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/1553142068.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2005537360.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.jruby_minus_jms_minus_1_dot_3_dot_0_minus_j
ava.lib.jms.message_consumer.RUBY$method$get$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/jruby-jms-1.3.0-java/lib/jms/m
essage_consumer.rb:15)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/1633717786.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2041416495.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2005537360.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.jruby_minus_jms_minus_1_dot_3_dot_0_minus_j
ava.lib.jms.message_consumer.RUBY$method$each$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/jruby-jms-1.3.0-java/lib/jms/
message_consumer.rb:69)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/461118575.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/130096434.guardWithCatch(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/2136985577.identity_L(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/331418503.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/733357076.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/331418503.delegate(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/733357076.guard(LambdaForm$MH)
        java.lang.invoke.LambdaForm$MH/376187927.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_jms_minus_3_dot_
1_dot_2_minus_java.lib.logstash.inputs.jms.RUBY$method$run$0(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-j
ms-3.1.2-java/lib/logstash/inputs/jms.rb:234)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_jms_minus_3_dot_
1_dot_2_minus_java.lib.logstash.inputs.jms.RUBY$method$run$0$__VARARGS__(D:/ELK/logstash-7.5.1/vendor/bundle/jruby/2.5.0/gems/logs
tash-input-jms-3.1.2-java/lib/logstash/inputs/jms.rb)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$MH/1087279177.invokeExact_MT(LambdaForm$MH)
        org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:91)
        org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:90)
        org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:183)
        java.lang.invoke.LambdaForm$DMH/189215452.invokeVirtual_L6_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/632521219.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$MH/2005537360.linkToCallSite(LambdaForm$MH)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$inputworker$0(D:/ELK/log
stash-7.5.1/logstash-core/lib/logstash/java_pipeline.rb:322)
        D_3a_.ELK.logstash_minus_7_dot_5_dot_1.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$inputworker$0$__VARARGS_
_(D:/ELK/logstash-7.5.1/logstash-core/lib/logstash/java_pipeline.rb)
        java.lang.invoke.LambdaForm$DMH/1653844940.invokeStatic_L7_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$MH/1087279177.invokeExact_MT(LambdaForm$MH)
        org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:91)
        org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:90)
        org.jruby.ir.targets.InvokeSite.invoke(InvokeSite.java:183)
        java.lang.invoke.LambdaForm$DMH/189215452.invokeVirtual_L6_L(LambdaForm$DMH)
        java.lang.invoke.LambdaForm$BMH/632521219.reinvoke(LambdaForm$BMH)
        java.lang.invoke.LambdaForm$reinvoker/933869191.dontInline(LambdaForm$reinvoker)
        java.lang.invoke.LambdaForm$MH/1381702512.guard(LambdaForm$MH)
--------------------------------------------------------------------------------

Badger · January 7, 2020, 9:20pm

You have told the input to poll the JMS source every zero seconds. That means it sits in a tight loop doing so. The default interval is 10 seconds. Why reduce it?

I see nothing in the input or in jruby-jms that would cause different behaviour in 7.0. Is it possible your production servers are spinning on two CPUs but you do not notice because they are much larger servers?

chris_g · January 7, 2020, 9:36pm

I now keep seeing the interval is at 5s.

And I believe it might be 2 CPUs. I see 2 virtual processors in Task Manager. Can I only use one processor?

Badger · January 7, 2020, 9:56pm

Use as many threads as you need, just only two will run at a time.

chris_g · January 9, 2020, 3:46pm

Downgraded to 1 CPU on my VM and the issue still persists. Why would this behavior happen on 7.5.1 and not earlier versions? I can't imagine there was a significant change to the product between minor versions that would cause performance issues.

system · February 6, 2020, 3:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Another High CPU usage with Logstash Logstash	17	4508	November 26, 2019
Single thread with high CPU usage Elasticsearch	3	2610	July 6, 2017
High CPU Utilized by JAVA in single node ELK #31089 Elasticsearch	12	2619	July 19, 2018
High CPU usage of elasticsearch Elasticsearch	6	2405	July 6, 2017
High Cpu utilization Elasticsearch	6	330	May 18, 2018

Logstash 7.5.1 High CPU Usage

Related topics