14 Dezember 2015

Brewing in Beats: Webinar and Performance Optimizations

Von Monica Sarbu

Welcome to Weekly Beats! With this series, we're keeping you up to date with all that's new in Beats, from the details of work in progress pull requests to releases and learning resources.

Learn more about the Beats from our Webinar

Last week we demoed Topbeat, Filebeat and Packetbeat in front of a big audience. Check the summary of the Webinar here and watch the one hour demo to see the Beats in action and the hands on training presented directly by the Beats development team.

Unified Changelog

We combined all CHANGELOG.md files from all the Beats repositories into a single CHANGELOG.asciidoc in this improvement. For each release the following sections are available: Breaking changes, Bugfixes, Added and Deprecated and contain details about the changes  in each Beat including libbeat.

Group cpu usage per core information

Thanks to a community contribution, cpu usage information is exported for each available core under the main root. Currently it is available only on Unix systems. Depending on the number of cores on your server, the number of exported fields can be quite high. To have a cleaner and organized output, we decided to group all the cpu usage per core information into the cpus group and here is the result. Additionally the cpu_per_core configuration option is added to make all this specific information optional.

TCP layer drop connection state on gap

A problem appeared when there was a gap in the TCP stream that caused parser errors, crashes and current packet data lost. To fix the issue the connection is dropped and re-initalized when a gap occurs.

Winlogbeat

The Winlogbeat is currently able to read the event logs from the Event Logging API that is provided in Windows XP, Windows 2003 and works also on all newer versions, but some events cannot be read through this API. The next step would be to read the event logs from Windows Event Log API that is available on the newer Windows systems: Windows Vista, Windows Server 2008 and give you additional information. You can watch the evolution of the new Beat under this meta issue.

Change default configuration file path

In the previous version, the default directory of the configuration file was set differently depending on the OS, so each binary package had a different default path to the configuration file. The fix simplifies it by setting the default directory of the configuration file to the directory where the binary is placed.

Benchmarking  Packetbeat

Packetbeat is parsing each message received on the network and allocates memory for each set of data to extract. This week we run some small experiments to reduce the number of memory allocations in the HTTP parser and Redis parser.

New Blog Post

All the Beats are now leaving together in the same GitHub repo. Read here about how we merged all the GitHub repositories into one.