Logstash query to text output TOO SLOW

billy6 · November 16, 2016, 12:09pm

Hello,
I have this logstash configuration >

input{
elasticsearch {
        hosts=> [ "HOST_A"]
        index =>  "logstash-syslog-2016.11.17"
        query => '{"filter" : {
            "or" : [
                {
                    "term" : { "host.raw" : "HOST1" }
                },
                {
                    "term" : { "host.raw" : "HOST2" }
                },
                 {
                    "term" : { "host.raw" : "HOST3" }
                }

            ]
        }}'

        }
        }


output {
   file{
         path => "/etc/elk/logout/SR_17_11.log"
        }
}

But it takes too much time.
Is there a way to do that query in a faster way?

magnusbaeck · November 21, 2016, 6:39am

What kind of throughput are you seeing?

system · December 19, 2016, 6:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash elasticsearch output plugin takes extremely long time Logstash	5	1218	December 11, 2017
Logstash creating multi GB syslog log file & saving queries output in plain text! Logstash	3	429	July 19, 2019
How to improve performance of elasticsearch input in Logstash Logstash	4	1477	July 6, 2017
How to improve Logstash configuration for outputs Logstash	2	208	April 29, 2022
How to improve the speed of Logstash output to Elasticsearch? Logstash	8	1070	December 1, 2019

Logstash query to text output TOO SLOW

Related topics