Hi all,
I m curently upgrading our elasticsearch single node from 1.4.2 to 6.1. The new version is installed on a new server but the new logstash receive the same data (mainly logs). I have a really strange behavior, The new server write continuously 100-150 M/s (info from iotop) and the old one only a few M/s. I have the same behavior when I do a request, the new server read about 100-150 M/s and the old one only a few M/s.
I have no idea how to analyze this. Any help welcome.
Regards
There are more data structures in recent versions of elasticsearch than in very old ones. Like doc values. That might explain.
You need to compare both mappings by the way to check how much they differ.
Hi,
Thanks for you reply, it is almost the same logstash config except the syntax that I had to modify. for example:
old:
pattern => [ "%{CISCO}", "%{CISCO2}" ]
new:
match => { "message" => [ "%{CISCO}", "%{CISCO2}" ] }
So the mapping is almost the same.
Regards
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.