Hi,
I am using logstash 6.2.4 version. When I try to run any conf file at that time CPU utilization is high. So currently there is no conf file is running but still, CPU usages are high. I have attached a screenshot of the top command.
Please guide us.
No configuration file at all? Then Logstash might be in a crash loop since it won't start up properly but is constantly being restarted by systemd or whatever you're using. Make sure you have at least one configuration file.
1 Like
Thanks for the reply.
But on other Redhat system, I have used logstash.conf file for apache logs. That time also my CPU utilization is high so we thought will setup ELK on ubuntu machine and will try without any logstash.conf file. I have attached my apache access log conf file.
How many events per second is it processing? The CPU usage is proportional to the event rate, so looking at the CPU usage in isolation isn't useful.
Events means particular conf file or process?
I don't understand the question. How many events (log messages) are you processing per second?
At a time I am running only one log file.
"just one file" doesn't answer the question "what's the event rate?".
Hey,
I have no idea how to check event rate? can you please give some command to check it?
Thank you
Logstash's monitoring API should be able to help, or the metrics filter, or just manual measuring how long it takes to process a file with a given size. The exact figures aren't that important. If you're sending stuff to ES you'll probably get sufficiently good numbers if you just look at the time histogram of all events.
But right now I am not running any conf file but still cpu utilization is high.
I repeat: No configuration file at all? Then Logstash might be in a crash loop since it won't start up properly but is constantly being restarted by systemd or whatever you're using. Make sure you have at least one configuration file.
There in a configuration file in /usr/share/logstash/bin directory. For logstash starting I am using systemctl restart/start logstash command.
When run in that manner it most likely is looking for config files in /etc/logstash/conf.d.
Path is matter for cpu usage?
No, the CPU usage isn't affected by the location of your configuration files.
Hey Magnusbaeck,
Thank you for all your suggestion till yet.
I have kept a conf file in /etc/logstash/conf.d directory but still my conf file is not running after systemctl restart logstash command. CPU usage is still going high.
If you increase Logstash's logging verbosity it'll log exactly which configuration it loads (and more about what it does in general).
Hey Magnusbaeck,
Sorry, but I am not getting what you want to say. I have just started ELK learning and setup.
Please give some command or what changes is required in yaml file?
Change the log.level setting in logstash.yml, see https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html.