Performance of Packetbeat?

foxfire881 · January 18, 2018, 10:54am

hi，in our network we use packetbeat with 'af_packet' mode on readhat 6.5 (22 core CPU, 768G memory, 16 SATA disks, 10Gbs NIC) to analyze HTTP traffic which is about 4Gbps, and we find that it does not work very well, too much packets were missed. so I want to know the performance limit of packetbeat? and is there some advice from elastic for us to speedup performance of packetbeat ?

btw, I know there are some high performance solutions for packet traffic on Linux such as DPDK and so on, will packetbeat consider them? Thanks.

KBuev · January 23, 2018, 4:35pm

You might be dealing with the same issue as us several months ago: Packetbeat, af_packet and Linux 2.6.

Try disabling all segmentation offloading options on your NIC and see if that helps - it certainly did for us.

system · February 20, 2018, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Missing packets of packetbeat? Beats	7	1401	February 8, 2018
Packetbeat performance SPAN Beats packetbeat	1	781	September 21, 2017
Packetbeat drop packets as internet speed increase above 3.5 MB/s Beats packetbeat	1	525	September 16, 2019
Did anyone test performance of packetbeat? Beats packetbeat	11	3806	June 27, 2016
Packetbeat performance and sizing Beats packetbeat	3	527	September 17, 2021

Performance of Packetbeat?

Related topics