-----Original Message----- From: David Lang <[email protected]> Reply-To: rsyslog-users <[email protected]> Date: Tuesday, April 8, 2014 at 2:53 PM To: rsyslog-users <[email protected]> Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
>On Tue, 8 Apr 2014, Rick Brown wrote: > >> Today I've setup my central rsyslog server to replay the logs via >>omudpspoof >> to a logstash server -> ES. It's already indexing about twice as much >>as just >> rsyslog -> ES was using the recipe in the first link below, and I >>haven't even >> begun to dig into the scads of plugins available for logstash. > >Interesting, a couple of questions > >1. why did you need udpspoof > >2. you say that you are getting logs into ES faster rsyslog -> logstash >-> ES >than you were rsyslog -> ES, this is surprising. This is something that >it >sounds like we should dig into, rsyslog -> ES should be faster. > >Is there any way we can recreate the rsyslog -> ES setup to find the >bottleneck? I'm really curious about this as well, because eliminating logstash to "boost performance" is something I am seriously considering. What logstash and elasticsearch versions? I wonder if it has anything to with the fact logstash (if the docs I've read are right) has an embedded elasticsearch client which is versioned along with es releases...maybe the client used by rsyslog just needs refactored? _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
