New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logstash udp size limit #1505
Comments
For the udp case, I think that I have found the solution : I cannot test it now, but I will tell you if it works. |
You shouldn't have to edit the plugin file. There is a buffer_size configuration directive for the udp plugin already. http://logstash.net/docs/1.4.2/inputs/udp On Mon, Jul 7, 2014 at 7:43 AM, bossy78 notifications@github.com wrote:
|
The read size of udp can be changed: -Jordan On Monday, July 7, 2014, bossy78 notifications@github.com wrote:
|
Ok thanks for your answers. |
Why is the limit 8k and not 64k like the RFC specifies? |
@iElectric There is no such thing as a "limit" here. It's a setting which is tunable. I picked 8k for a default for reasons that are perhaps unimportant. You are welcome to change the size of a read as noted here: #1505 (comment) I am open to changing the default value. If you wish the default value changed, please open a new ticket where we can discuss this. :) |
Sure, see #2111 |
I'm trying to get one xml file into logstash, but it keeps splitting up into pieces. I've raised the 'limit' like so:
However, when I insert a file for testing like so:
I'm still getting 35 partials. Is The |
@Redsandro did you achieve that in the meantime ? I have a similar need. |
@Farfaday I think the problem was using
|
I am monitoring my companies applications. They send their logs via an udp appender (log4net) and my logstash agent receives them via an udp input. Everything was working well: my logs were groked and then stored in elasticsearch and displayed in kibana. Until today, I noticed that "big" logs where truncated, all the caracters after the 8151-th caracter are not displayed in the "message" field event, and so I am getting grokparsefailure. So basically, my question is the following : Does logstash have a limit size for each event/message received via udp, or more generally, via any input.
Thanks in advance, for your help.
The text was updated successfully, but these errors were encountered: