Logstash UDP input only processing ~1000 events/sec

sip · January 26, 2017, 10:54am

I have an 8core 32GB Windows VM running LS 2.3.2 ES 2.3.3 Kibana 4.5.1 and I max out the CPUs with 4 UDP workers and process ~1,000 UDP netflow events/sec. This seems really low compared to what I have seen other rates. It is the basic input and output to ES - no filters.. Any ideas why I can't process any more with an 8core? Changing udp queue size also didn't make a difference..

input {
udp {
port => 9995
workers => 4
codec => netflow {
definitions => "c:\elk\logstash\vendor\bundle\jruby\1.9\gems\logstash-codec-netflow-2.0.5\lib\logstash\codecs\netflow\netflow.yaml"
versions => [9]
}
}
}

output {
elasticsearch {
index => "logstash_netflow-%{+YYYY.MM.dd}"
hosts => ["localhost:9200"]
}
}

magnusbaeck · January 29, 2017, 6:53pm

Have you measured what kind of indexing performance you can get from your ES cluster, i.e. have you ruled out ES as the bottleneck? 1000 events/s seems low, but it's not unreasonably low for a one-node ES cluster.

system · February 26, 2017, 6:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
UDP/Netflow Performance Logstash	4	2537	July 6, 2017
Netflow Codec : UDP receive errors Logstash	12	3282	May 11, 2018
Performance Issues with Logstash UDP/IPFIX Logstash	2	1864	March 21, 2017
UDP input plugin monitoring and elasticsearch output Logstash	5	1431	August 22, 2017
Pathetic Logstash performance using UDP input and Redis output Logstash	1	877	July 6, 2017

Logstash UDP input only processing ~1000 events/sec

Related topics