Hi
I have created an output plugin to forward all the logs to external storage over UDP, but after some time Logstash dies. Is that because of the high load of data? Of course, the load of data is quite high; also, this is happening in the testbed environment.
udp {
  host => 'remote ip'
  port => 'port'
}
Or is there a limitation in Logstash on how much data we can send in a UDP packet? Are you able to help me find a solution for it?
Also, please share with me an Elasticsearch/Logstash fine-tuning guide, if you have one.
Thank you.
logstash keep dying
Re: logstash keep dying
technosol wrote: Is that because of the high load of data?
I suspect not.
technosol wrote: is there a limitation in logstash how much data we can send in a UDP packet?
Yes, via the buffer_size directive. 8192 bytes by default.
The Logstash logs held in /var/log/logstash likely have some clues.
Former Nagios employee
https://www.mcapra.com/
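Added example, not part of the thread and not Logstash or plugin code: a loopback check of the two size limits relevant to the question above, namely a receiver that reads with an 8192-byte buffer (the figure quoted in the reply) and the IPv4 maximum of 65507 payload bytes per datagram. The function names and the sample payload sizes are assumptions made for illustration.

```python
import socket

RECV_BUFFER = 8192        # read-buffer size quoted in the reply above
MAX_UDP_PAYLOAD = 65507   # 65535 - 20 (IPv4 header) - 8 (UDP header)


def send_and_receive(payload_len, recv_buffer=RECV_BUFFER):
    """Send one datagram over loopback; return (sent_ok, received_len)."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        receiver.bind(("127.0.0.1", 0))   # ephemeral port, local only
        receiver.settimeout(2.0)
        payload = b"x" * payload_len      # constructed sample log data
        try:
            sender.sendto(payload, receiver.getsockname())
        except OSError:
            # Typically EMSGSIZE: the OS refuses an oversized datagram.
            return False, None
        try:
            # On Linux, bytes beyond recv_buffer are silently discarded.
            data, _ = receiver.recvfrom(recv_buffer)
        except socket.timeout:
            return True, None
        return True, len(data)
    finally:
        sender.close()
        receiver.close()


def classify(payload_len, recv_buffer=RECV_BUFFER):
    """Name the outcome for one event of payload_len bytes."""
    sent_ok, received = send_and_receive(payload_len, recv_buffer)
    if not sent_ok:
        return "rejected-by-sender-os"
    if received is None:
        return "lost"
    if received < payload_len:
        return "truncated-by-receiver"
    return "delivered"


if __name__ == "__main__":
    for size in (512, 8192, 9000, MAX_UDP_PAYLOAD + 1):
        print(size, classify(size))
```

Neither failure is reported back to the sender as a delivery error, so checking event sizes against both limits is worth doing before blaming throughput.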
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: logstash keep dying
mcapra wrote: The Logstash logs held in /var/log/logstash likely have some clues.
Correct, OP, can you post the output of
Code: Select all
tail -50 /var/log/logstash/logstash.log
Re: logstash keep dying
Hi
Thank you for the reply.
I use the following UDP output plugin to forward logs to an external storage.
https://www.elastic.co/guide/en/logstas ... s-udp.html
However, at the moment I have disabled the plugin, as it causes Logstash to crash continuously. So I am afraid I can find relevant logs.
Re: logstash keep dying
technosol wrote: I use the following UDP output plugin to forward logs to an external storage.
I overlooked that this is an output rule. Slightly more relevant documentation:
https://www.elastic.co/guide/en/logstas ... s-udp.html
Which doesn't appear to have any particular restrictions other than the number of worker threads. If the destination system *does* have such restrictions, that could be causing issues within the logstash-udp-output plugin, which will eventually choke the message processing pipeline; this kills the Logstash.
No real way of knowing for sure without seeing the specific exceptions being thrown around in the logs, though.
Former Nagios employee
https://www.mcapra.com/
scottwilkerson
Re: logstash keep dying
I completely agree with @mcapra
I will add that you likely want to add the workers directive with a number higher than 1, which will allow more threads to be opened; however, this could still backlog if the receiving side cannot accept the messages fast enough.
Code: Select all
workers => 8