Issues with LogStash and falling number of received logs
Posted: Fri Apr 09, 2021 7:34 am
Hi all,
Can you please help us try to understand our current predicament with a constant falling number of log entries after every logstash restart.
We currently feed NLS with quite a number of logs, and what we have noticed is that there is always a surge in entries (between 50k and 150k) and then it looks like the system struggles to manage and the entries per 15min fall to only 1500 entries.
After investigations within our team we have noticed that we do have an issue with logstash in NLS. The CPU for logstash increases around 400 to 500% and then the shipping of logs to NLS reduces significantly.
The logstash process seems to be in hung state or hibernating and no logs produced in /var/log/logstash/logstash.log
The issue resolves after we restart logstash and problem comes back after few hours.
Below are the loadavg and cpu of logstash process.
The allocated max memory for the process is 500mb and it seems to be insufficient.
Can you please help us try to understand our current predicament with a constant falling number of log entries after every logstash restart.
We currently feed NLS with quite a number of logs, and what we have noticed is that there is always a surge in entries (between 50k and 150k) and then it looks like the system struggles to manage and the entries per 15min fall to only 1500 entries.
After investigations within our team we have noticed that we do have an issue with logstash in NLS. The CPU for logstash increases around 400 to 500% and then the shipping of logs to NLS reduces significantly.
The logstash process seems to be in hung state or hibernating and no logs produced in /var/log/logstash/logstash.log
The issue resolves after we restart logstash and problem comes back after few hours.
Below are the loadavg and cpu of logstash process.
The allocated max memory for the process is 500mb and it seems to be insufficient.
