Logstash can be considered an ETL tool, where it extracts (or receives) data from various sources, transforms it in diverse ways, and then loads it into Elasticsearch (or sends it to other destinations). Because of the incredible flexibility in configuration, there is often more than one way to accomplish the same task with Logstash. This can lead to frustration if the way you've configured something is not as performant as it could be.

In this talk I will describe how to avoid the pitfalls of Logstash configuration. I will demonstrate how to measure and monitor performance and see where your bottlenecks are, and then go through different ways to address them. I will show how splitting a workload into different pipelines may be a better option than a highly complex single pipeline, and why this is frequently an optimal choice.

This talk will also cover some of the performance improvements and configuration changes coming to Logstash, which further address the same topic.

This talk presupposes familiarity with Logstash and its configuration. It will not be as useful to someone without that knowledge. [303]

Comments

Comments are closed.