Transmission of logs in real time mode

Aleksandr_Terekhov · November 30, 2023, 10:23am

Hello everybody

Please tell me what the problem might be

I have a mail server on which the filebeat agent is installed, it transfers data to another server on which logstash and elastic are installed

I randomly display data with a delay of more than 7 seconds

As you can see in the screenshot, the recording time of the event on the mail server differs from the recording time in the elastic itself by 7 seconds

What could this be related to?

All VMs are on the same network in the same VLAN on the same host in VMware

sholzhauer · November 30, 2023, 11:42am

This could be a number of things:

buffering in filebeat
buffering in logstash
etc

I would recommend you to parse the events using a pipeline (either logstash or elasticsearch) and use the date filter/processor to set the @timestamp to the one in the log record.

This will make sure the records are displayed in the correct time moment.

Aleksandr_Terekhov · December 1, 2023, 2:02pm

And could you provide more practical recommendations. What parameters to pay attention to?

Thank you!

system · December 29, 2023, 2:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.