Hi, I have a lot of input and filters on my logstash and I've been thinking are they optimize and how can I measure logstash performance. I only monitor "heap used" and it's fine. I came up with a question. There are 2 types of logstash config file. Is there any differences between them ?
I mean in speed of events processing and parsing logs.
This is Type 1:
filter 1{
grok1 { .......... }
geoip { .......... }
ip2location { .......... }
ruby { .......... }
}
filter 2{
grok2 { .......... }
geoip { .......... }
ip2location { .......... }
ruby { .......... }
}
filter 3{
grok3 { .......... }
geoip { .......... }
ip2location { .......... }
ruby { .......... }
}
and this is Type 2:
filter1 {
grok1 { .......... }
}
filter2 {
grok2 { .......... }
}
filter2 {
grok2 { .......... }
}
filter {
geoip { .......... }
ip2location { .......... }
ruby { .......... }
}
My question is that the number of duplicate functions and filters are related to performance ?
The type 2 can be more efficient than type 1 or my guess is wrong ?
I wonder how can I measure the logstash config files performance.
I know it's a very general question but I just need a little basic ideas and basic best practices to follow.
Thank you so much.