Transmission of logs in real time mode

Aleksandr_Terekhov · November 30, 2023, 10:23am

Hello everybody

Please tell me what the problem might be

I have a mail server on which the filebeat agent is installed, it transfers data to another server on which logstash and elastic are installed

I randomly display data with a delay of more than 7 seconds

As you can see in the screenshot, the recording time of the event on the mail server differs from the recording time in the elastic itself by 7 seconds

What could this be related to?

All VMs are on the same network in the same VLAN on the same host in VMware

sholzhauer · November 30, 2023, 11:42am

This could be a number of things:

buffering in filebeat
buffering in logstash
etc

I would recommend you to parse the events using a pipeline (either logstash or elasticsearch) and use the date filter/processor to set the @timestamp to the one in the log record.

This will make sure the records are displayed in the correct time moment.

Aleksandr_Terekhov · December 1, 2023, 2:02pm

And could you provide more practical recommendations. What parameters to pay attention to?

Thank you!

system · December 29, 2023, 2:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Facing delay in logs Beats filebeat	2	1124	August 2, 2019
Put an intentional delay in event transmission to Logstash Beats filebeat	9	1042	January 3, 2018
Filebeat stopped sending logs in realtime Beats filebeat	8	3864	December 7, 2018
Filebeat sends logs with delay Beats filebeat	2	1464	August 29, 2022
Not showing data from last 15 minutes Beats filebeat	8	1492	August 30, 2018

Transmission of logs in real time mode

Related topics