Logstash-Filter-Elasticsearch Slow

Wayne_Taylor · December 6, 2017, 11:38pm

Hi,

I am getting slow performance when using logstash-filter-elasticsearch. Even with small volumes of data. I've tried this in multiple versions from 5.3 up to 6.0 of both ES & LS.

By way of example here is a config file:

input {
        jdbc {
        jdbc_connection_string => "jdbc:mysql://mydb"
                jdbc_user => "myuser"
                jdbc_password => "mypassword"
                jdbc_driver_library => "mysql-connector-java-5.1.42-bin.jar"
                jdbc_driver_class => "com.mysql.jdbc.Driver"
                    statement =>

		"SELECT * FROM table where id > :sql_last_value limit 250"

		tracking_column => id
		use_column_value => true
		record_last_run => true
		last_run_metadata_path => "views.txt"
    }
}

filter{
  elasticsearch {
    hosts => "https://URL:9243" 
    index => "reference"
    user => "elastic"
    password => "password"
    query => "product_code:%{[media_id]}"
    fields => [["aaa","aaa"]]
  }

filter {
           date {
                 match => ["purchase_time","YYYY-MM-dd HH:mm:ss"]
                target => "@timestamp"
           }
}


output {
  elasticsearch {
  hosts => "https://URL:9243"
  index => "myindex"
  user => "elastic"
  password => "password"
  document_type => "media"
  }

}

My ES Reference index only has a few thousand records & only 15 columns.

I was running on ES Cloud & Local Cluster (huge environments - nothing running) and observed slowness. Any ideas how i'd go about debugging.

For Local testing I ran this on my Mac Book Pro which Intel Core I7 2.7GHz 16GB Ram and SSD with macOS Sierra 10.12.6. Java Versions:

java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

For ES Cloud I tried this on 5.6.4 and 6.0

Thanks
Wayne

magnusbaeck · December 18, 2017, 7:19pm

What does "slow" mean? How many events can you process each second?

Wayne_Taylor · December 18, 2017, 8:19pm

Slow defined as 500 documents ingest in a few minutes when it can load hundreds of thousands without it in a minute

magnusbaeck · December 19, 2017, 6:25am

That is slow, yes, but keep in mind that each event leads to an ES query that easily requires an order of milliseconds so it'll never be terribly high-performant. I'd look into the performance metrics of ES and Logstash to what's taking so much time. Is it ES itself or does Logstash add overhead? Also, have you tried raising the number of pipeline workers? Since your elasticsearch filter add latency from an external resource I'd expect Logstash to be idling a lot of the time so you should be able to raise the concurrency quite a bit.

Christian_Dahlqvist · December 19, 2017, 7:57am

It looks like you are querying a cloud instance from your laptop. Have you tried running Logstash closer to Elasticsearch to minimise latency?

Wayne_Taylor · December 22, 2017, 1:10am

Hi @magnusbaeck , increasing workers is a little faster yes . I'll add in some metrics per request.

@Christian_Dahlqvist - I've tried on a local ES cluster too and same issue. Thanks for responding though.

Wayne

system · January 19, 2018, 1:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash pipeline using elasticsearch filter experiencing low performance Logstash	2	419	May 12, 2019
Data loading into ES index is very slow Logstash	13	5029	February 16, 2017
Logstash is very slow in sending the data to elasticsearch Logstash	18	14022	February 21, 2017
Slow Data loading to elasticsearch Logstash	15	5307	July 13, 2017
Logstash parse too slow to elasticsearch Logstash	9	2319	March 2, 2018

Logstash-Filter-Elasticsearch Slow

Related topics