I am using ES to ingest flow data from other application, but I found that the speed isn't high enough, so sometimes it would drop flow.
How can I change the setting of ES performance ?
I have seen the elasticsearch.yml, jvm.options and log4j2.properties, but there seems no setting about ES performance.
Thanks a lot.
The speed of which parts exactly?
the speed of ES receive data from other application.
How are you indexing into Elasticsearch? What version are you on? What hardware? Are you using bulk?
I connect ES with nProbe to collect flow data.
version 5.6
2 core CPU, 8G RAM
receive speed about : [362.6 Flows/s]
could I speed it up?
what is bulk ><
If nProbe is sending to Elasticsearch directly you will likely need to ask them.
Is Elasticsearch overloaded? Are you using the Monitoring functionality to see what is happening?
now seems like ES overload.
No, how to monitor it ?
When I install x-pack in ES it show the error:
Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME
but I have install the java jdk to the environment variable.
Does you collection pipeline use bulk requests to index into Elasticsearch? What does disk I/O and iowait look like on the Elasticsearch host?
Continuing the discussion from this parallel thread: How to tune elasticsearch performance
sorry, How could I know whether I use bulk requests to index in ES.
disk I/O and IO wait do you mean this :
yes I use /_bulk
What is the size of your bulk requests? How large are your documents?
sorry, where can I find the information.
That will be decided by the application ingesting data into Elasticsearch, so you will need to look there. You may also be able to find out by looking at the network traffic.
Does the ES can tune the performance or the only way is to improve my device (such as CPU or RAM)
Indexing individual documents generally results in dramatically lower indexing throughput compared to using bulk requests, so I would recommend ensuring that you are using bulk requests of an appropriate size before starting to try and tune Elasticsearch.
yes, I thought I am using bulk requests
this is the Application command to pass the flow to ES:
ntopng /c -F "es;ntopng;ntopng-%Y.%m.%d;http://192.168.0.157:9200/_bulk;"
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
