From eca2a4a9c8227d5065955b03ed299eaa3b7cfdbc Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Wed, 8 May 2024 16:17:09 -0400
Subject: [PATCH] Logstash consumer threads should match topic partition count
 - Default is set to 3. If there are too many consumer threads it may lead to
 idle logstash worker threads and could require decreasing this value to
 saturate workers

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja b/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
index 087ed7755..3d0d03020 100644
--- a/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
@@ -13,6 +13,7 @@ input {
         codec => json
         topics => ['default-topic', 'kratos-topic', 'soc-topic', 'strelka-topic', 'suricata-topic', 'zeek-topic', 'rita-topic', 'opencanary-topic', 'syslog-topic']
         group_id => 'searchnodes'
+        consumer_threads => 3
         client_id => '{{ GLOBALS.hostname }}'
         security_protocol => 'SSL'
         bootstrap_servers => '{{ bootstrap_servers }}'