Logstash query to text output TOO SLOW

billy6 · November 16, 2016, 12:09pm

Hello,
I have this logstash configuration >

input{
elasticsearch {
        hosts=> [ "HOST_A"]
        index =>  "logstash-syslog-2016.11.17"
        query => '{"filter" : {
            "or" : [
                {
                    "term" : { "host.raw" : "HOST1" }
                },
                {
                    "term" : { "host.raw" : "HOST2" }
                },
                 {
                    "term" : { "host.raw" : "HOST3" }
                }

            ]
        }}'

        }
        }


output {
   file{
         path => "/etc/elk/logout/SR_17_11.log"
        }
}

But it takes too much time.
Is there a way to do that query in a faster way?

magnusbaeck · November 21, 2016, 6:39am

What kind of throughput are you seeing?

system · December 19, 2016, 6:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.