Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs and geospatial indexes with radius queries.
During setup, you can choose to extend your master server storage using separate storage nodes. When you choose this option, Logstash on the master server outputs to Redis. Storage nodes then consume from Redis.
To see how many logs are in the Redis queue:
If the queue is backed up and doesn’t seem to be draining, try stopping Logstash on the master server:
Then monitor the queue to see if it drains:
watch 'sudo so-redis-count'
If the Redis queue looks okay, but you are still having issues with logs getting indexed into Elasticsearch, you will want to check the Logstash statistics on the storage node(s).
We configure Redis to use 10% of your total system memory. If you have sufficient RAM available, you might want to increase the
maxmemory setting in
Logstash on the master server is configured to send to Redis via
/etc/logstash/conf.d.redis.output/9999_output_redis.conf. For best performance, you’ll want to ensure that
batch is set to
true and then tune the
batch_events variable to find the sweet spot for your deployment. For more information about logstash’s output plugin for Redis, please see https://www.elastic.co/guide/en/logstash/current/plugins-outputs-redis.html.
Logstash on storage nodes pulls from Redis via
/etc/logstash/conf.d/0900_input_redis.conf. For best performance, you’ll want to tune
threads to find the sweet spot for your deployment. For more information about logstash’s input plugin for Redis, please see https://www.elastic.co/guide/en/logstash/current/plugins-inputs-redis.html.
If you try the above tuning suggestions but redis continues to back up, you might want to consider the new LOGSTASH_MINIMAL option for increased pipeline performance.