Logstash UDP input keeps losing data

co88liwan · April 26, 2022, 6:08am

Hi there,

We encountered an issue that Logstash input UDP plugin consistently losing data.

From tcpdump analysis we know the data indeed reached the VM, I also tested with Logstash file output plugin and I saw the data is missing in the output file so I can pretty sure the UDP input does not ingest all of them from host machine network stack.

I wonder if the Logstash UDP input dropped packets, do you know where can I get information on that?

Anyone has similar issue can you please educate me where is the entrypoint to fix this issue? I tried to double the UDP queue_size and pipeline.batch.size, but not ideal.

Thanks for your help!

Badger · April 26, 2022, 5:11pm

UDP is not a reliable transport. By design, it will drop messages if it does not have space to buffer them. I think your only options are to increase the queue size in the logstash input or increase the buffering in the TCP stack itself.

co88liwan · April 27, 2022, 12:24am

Thanks @Badger , I will try that.

system · May 25, 2022, 12:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Input UDP problem Logstash	2	1455	July 6, 2017
Data loss using UDP input plugin Logstash	19	5146	July 6, 2017
Logstash input udp drops? Logstash	9	2516	July 6, 2017
Logstash UDP input buffer Logstash	8	829	January 9, 2021
Logstash data Loss Logstash	4	1853	July 6, 2017

Logstash UDP input keeps losing data

Related topics