ELK: Performance of the Logstash Indexing layer

elasticsearch-logoThe Logstash Indexing layer receives data from any number of input sources, transforms the data, and then submits it to Elasticsearch for indexing.  Transforming and extracting data from every event can be both I/O as well as CPU intensive.

Horizontal or Vertical

Vertical scaling will only go so far in the Logstash indexing layer.  In order to keep up with the processing demand as well as provide availability, horizontal scalability must be employed.

And if you are going to have vertical scaling, you should be using either configuration management (SaltStack, Ansible, etc.) or containers to be able to create extra Logstash indexing instances without excessive manual steps.

Continue reading “ELK: Performance of the Logstash Indexing layer”