Performance of Packetbeat?

Hi, in our network we use Packetbeat with 'af_packet' mode on Red Hat 6.5 (22 core CPU, 768G memory, 16 SATA disks, 10Gbs NIC) to analyze HTTP traffic, which is about 4Gbps, and we find that it does not work very well; too many packets were missed. So I want to know the performance limit of Packetbeat. And is there some advice from Elastic for us to speed up the performance of Packetbeat?

Btw, I know there are some high-performance solutions for packet traffic on Linux such as DPDK and so on. Will Packetbeat consider them? Thanks.

You might be dealing with the same issue as us several months ago: Packetbeat, af_packet and Linux 2.6.

Try disabling all segmentation offloading options on your NIC and see if that helps - it certainly did for us.
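The offload check suggested in the reply above, as an added example that is not part of either post: it reads `ethtool -k` output, lists the segmentation and receive-coalescing offloads that are still on, and prints the matching `ethtool -K` command. The interface name `eth0`, the sample feature listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find offloads still enabled on a capture interface and
# build the ethtool command that turns them off.

# Constructed sample of `ethtool -k eth0` output (not taken from the thread).
SAMPLE_FEATURES='Features for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off'

# Read `ethtool -k` output on stdin; print the short `ethtool -K` name of
# each segmentation/coalescing offload whose state starts with "on"
# (this includes "on [fixed]", which ethtool cannot change).
enabled_offloads() {
    awk -F': *' '
        BEGIN {
            flag["tcp-segmentation-offload"]     = "tso"
            flag["udp-fragmentation-offload"]    = "ufo"
            flag["generic-segmentation-offload"] = "gso"
            flag["generic-receive-offload"]      = "gro"
            flag["large-receive-offload"]        = "lro"
        }
        { name = $1; sub(/^[ \t]+/, "", name) }
        (name in flag) && $2 ~ /^on/ { printf "%s%s", sep, flag[name]; sep = " " }
        END { if (sep) print "" }
    '
}

# Print the command that disables those offloads on interface $1, or nothing
# when none are enabled. The command is only printed, never executed.
disable_cmd() {
    flags=$(enabled_offloads)
    [ -n "$flags" ] || return 0
    printf 'ethtool -K %s' "$1"
    for f in $flags; do printf ' %s off' "$f"; done
    printf '\n'
}

# Run against the constructed sample; on a real host use:
#   ethtool -k eth0 | disable_cmd eth0
printf '%s\n' "$SAMPLE_FEATURES" | disable_cmd eth0
```

Settings changed with `ethtool -K` do not survive a reboot, so the resulting command also needs to go into the interface's startup configuration.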
