Transmission of logs in real time mode

Aleksandr_Terekhov · November 30, 2023, 10:23am

Hello everybody

Please tell me what the problem might be

I have a mail server on which the filebeat agent is installed, it transfers data to another server on which logstash and elastic are installed

I randomly display data with a delay of more than 7 seconds

As you can see in the screenshot, the recording time of the event on the mail server differs from the recording time in the elastic itself by 7 seconds

What could this be related to?

All VMs are on the same network in the same VLAN on the same host in VMware

sholzhauer · November 30, 2023, 11:42am

This could be a number of things:

buffering in filebeat
buffering in logstash
etc

I would recommend you to parse the events using a pipeline (either logstash or elasticsearch) and use the date filter/processor to set the @timestamp to the one in the log record.

This will make sure the records are displayed in the correct time moment.

Aleksandr_Terekhov · December 1, 2023, 2:02pm

And could you provide more practical recommendations. What parameters to pay attention to?

Thank you!

Topic		Replies	Views
Delay between Logstash and ES? ELK 7.16.1 [ECK] Logstash	15	2731	February 14, 2022
Important delay in the appearance of logs in Kibana Logstash	7	2842	March 9, 2017
Delay in receiving inputs Elasticsearch	2	796	September 16, 2016
Logstash has a lag in pushing events to Elastic Logstash	18	221	March 5, 2025
Significance of @timestamp in Index Patterns Elasticsearch	10	869	November 23, 2024

Transmission of logs in real time mode

Related topics