This test confirms what many logstash users have already reported: it is easy to achieve a 5-6x increase in storage from raw logs caused by common logstash filter uses, for example grok.
Summary of test results:
Enabling store compression uses 55% less storage
Removing the @message and @source fields save you 26% of storage.
Disabling the '_all' field saves you 13% in storage.
Using grok with 'singles => true' had no meaningful impact.
Compression ratios in LZF were the same as Snappy.
Final storage size was 25% the size of the common case (1358mb vs 344mb!)
I was wondering how Nagios configured compression?
From version 0.90 onwards, store compression is always enabled.
From version 0.90 onwards, all stored fields (including _source) are always compressed.
In the most recent version of Nagios Log Server, Elasticsearch is at version 1.3.2, implying that compression is turned on.
Is there anything else we could help you with answering?
TwitsBlog Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
