Hello,
As a rule of thumb, does it make sense to set a Logstash heap size equal (or proportional) to the Elasticsearch heap size, or there are other factors to take into consideration?
For instance, would an ELK stack installation where the Logstash heap size is 1/5 of the ES heap size be recommended?
Thanks in advance.
There's no correlation between the two.
Logstash should really only need a few GB at most, just enough to deal with messages it holds in its internal queue while processing.
There is much more that affects Logstash's use of JVM heap than just its internal queue. If you are doing any of the following you will increase your need for JVM heap...
If you are doing ALL of the above it is even possible that the JVM heap requirements of Logstash might even exceed those of Elasticsearch. Just yesterday we had to bump up a Logstash instance from 6GB to 8GB as it was exhausting the JVM heap. It is a small price to pay for producing truly high-quality data at very high event rates.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.