Question

I'm new to Logstash, but I like how easy it makes shipping logs and aggregating them. Basically, it just works. One problem I have is that I'm not sure how to go about making my configurations maintainable. Do people usually have one monolithic configuration file with a bunch of conditionals, or do they separate them out into different configurations and launch an agent for each one?

Solution

We heavily use Logstash to monitor ftbpro.com. I have two notes which you might find useful:

  1. You should run one agent (process) per machine, not more. Logstash agents require some amount of CPU and memory, especially under high loads, so you don't want to run more than one on a single machine.
  2. We manage our Logstash configurations with Chef. We have a separate template for each configuration, and Chef assembles the configuration by the roles of the machine. So the final result is one large configuration on each machine, but in our repository the configurations are separate and thus maintainable.

Hope this helps you.
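The per-role assembly described in this answer, sketched as an added example (not the answerer's Chef code): plain Ruby ERB stands in for Chef templates, and the fragment names, role names, log paths and Redis host are assumptions. Each filter is guarded by a `type` conditional so fragments from different roles do not interfere once concatenated.

```ruby
require 'erb'
# Constructed fragments: in a real repo each would be its own template file.
FRAGMENTS = {
  '10_input_nginx' => <<~'CONF',
    input {
      file {
        path => "<%= nginx_log %>"
        type => "nginx"
      }
    }
  CONF
  '10_input_app' => <<~'CONF',
    input {
      file {
        path => "<%= app_log %>"
        type => "app"
      }
    }
  CONF
  '50_filter_nginx' => <<~'CONF',
    filter {
      if [type] == "nginx" {
        grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
      }
    }
  CONF
  '90_output_redis' => <<~'CONF'
    output {
      redis {
        host => "<%= redis_host %>"
        data_type => "list"
        key => "logstash"
      }
    }
  CONF
}.freeze
# Hypothetical role-to-fragment mapping; "base" applies to every machine.
ROLES = {
  'base' => %w[90_output_redis],
  'web'  => %w[10_input_nginx 50_filter_nginx],
  'app'  => %w[10_input_app]
}.freeze

# Render the fragments for a machine's roles into one config, in name order.
# A missing attribute raises NameError instead of shipping a broken config.
def assemble(roles, attrs)
  names = (['base'] + roles).flat_map { |r| ROLES.fetch(r) }.uniq.sort
  names.map { |n| ERB.new(FRAGMENTS.fetch(n)).result_with_hash(attrs) }.join("\n")
end
```

Calling `assemble(['web'], nginx_log: '/var/log/nginx/access.log', redis_host: '10.0.0.5')` returns the single config a web machine would run with its one agent.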

OTHER TIPS

I'll offer the following advice:

Send your data to Redis as a "channel" rather than a "list", based on time and date, which makes managing Redis a lot easier.

http://www.nightbluefruit.com/blog/2014/03/managing-logstash-with-the-redis-client/

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow