Logstash UDP input keeps losing data

co88liwan · April 26, 2022, 6:08am

Hi there,

We encountered an issue that Logstash input UDP plugin consistently losing data.

From tcpdump analysis we know the data indeed reached the VM, I also tested with Logstash file output plugin and I saw the data is missing in the output file so I can pretty sure the UDP input does not ingest all of them from host machine network stack.

I wonder if the Logstash UDP input dropped packets, do you know where can I get information on that?

Anyone has similar issue can you please educate me where is the entrypoint to fix this issue? I tried to double the UDP queue_size and pipeline.batch.size, but not ideal.

Thanks for your help!

Badger · April 26, 2022, 5:11pm

UDP is not a reliable transport. By design, it will drop messages if it does not have space to buffer them. I think your only options are to increase the queue size in the logstash input or increase the buffering in the TCP stack itself.

co88liwan · April 27, 2022, 12:24am

Thanks @Badger , I will try that.

system · May 25, 2022, 12:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash data Loss Logstash	4	1853	July 6, 2017
UDP input plugin monitoring and elasticsearch output Logstash	5	1429	August 22, 2017
Sizing for udp/tcp (syslog type) Logstash	11	1234	July 6, 2017
Lost gelf logs Logstash	5	1342	May 8, 2017
Logstash input UDP netflow codec - BUG? Logstash	1	496	September 29, 2017

Logstash UDP input keeps losing data

Related Topics