Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Insufficient performance

Description

We are using LogStash in our Cocaine cloud project as logging service, which provides indexed log transport from cloud nodes to Elasticsearch. Everything was perfect until we noticed significant data loss (~20%) on fairly medium load (~1000-1500RPS). In production environment we have about 5-20k events per second, so we are in trouble . So can you give us some advises about how to cook LogStash to increase its performance?

We are using it the next way:

LogStash 1.2.2.
Json-event | => udp input (json-lines coded) => elasticsearch output.
Medium event size is approximately 120 bytes.

I've also done some benchmarks on blocking tcp socket/input with null output, and it gave me about 3kRPS. At last I've tried to pack events with msgpack, and it gave no appreciable difference.

Gliffy Diagrams

Activity

Show:

Jordan Sissel March 24, 2014 at 4:53 AM

The UDP input plugin recently had some performance improvements done to it:

https://github.com/elasticsearch/logstash/pull/1098
https://github.com/elasticsearch/logstash/pull/1003

These patches are available in Logstash 1.4.0. I am tentatively marking this issue fixed becuase we have improved udp performance.

I still highly recommend avoiding udp if you need reliable message transmission, but maybe the performance improvements help your situation.

Fixed

Details

Assignee

Reporter

Labels

Fix versions

Affects versions

Created January 9, 2014 at 12:00 PM
Updated March 24, 2014 at 4:53 AM
Resolved March 24, 2014 at 4:53 AM