I've noticed quite a few of these errors with the elastic output plugin in /var/log/logstash/logstash-plain.log:
"Could not index event to Elasticsearch. {:status=>400, :action=>["create", ...
The solution to fix the error itself is pretty well-documented. I'm concerned about how to monitor and address these issues as they appear.
When a log isn't able to be indexed like this, does a summary of the error get indexed into Elastic? Or would I need to come up with my own solution to proactively fix these errors?
Like sending this log to elastic myself (with a grok pattern to properly parse the logs, if a plugin isn't available), or writing some sort of a script to periodically grep the log?
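One way to implement the periodic log check the post describes, as an added example that is not part of the original post: it counts indexing failures by status, action, index and error type. The sample lines are constructed, and the field layout beyond :status and :action is an assumption about the log format.

```python
import re
from collections import Counter

MARKER = "Could not index event to Elasticsearch."
# Patterns for the Ruby-inspect style payload. Only :status and :action are
# shown on the page; :_index and the "error" hash are an assumed layout.
FIELDS = {
    "status": re.compile(r":status=>(\d+)"),
    "action": re.compile(r':action=>\["(\w+)"'),
    "index": re.compile(r':_index=>"([^"]+)"'),
    "error_type": re.compile(r'"error"=>\{"type"=>"([^"]+)"'),
}

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = """\
[2024-01-01T10:00:00,000][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["create", {:_id=>nil, :_index=>"app-logs"}, {}], :response=>{"create"=>{"status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [code]"}}}}
[2024-01-01T10:00:01,000][INFO ][logstash.agent] Pipelines running
[2024-01-01T10:00:02,000][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["create", {:_id=>nil, :_index=>"app-logs"}, {}], :response=>{"create"=>{"status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [code]"}}}}
[2024-01-01T10:00:03,000][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"audit-logs"}, {}], :response=>{"index"=>{"status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"field limit exceeded"}}}}
[2024-01-01T10:00:04,000][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["create", ...
"""


def parse_failure(line):
    """Return the extracted fields for an indexing-failure line, else None."""
    if MARKER not in line:
        return None
    found = {name: rx.search(line) for name, rx in FIELDS.items()}
    # Truncated or differently shaped lines still count, with gaps marked.
    return {name: m.group(1) if m else "unknown" for name, m in found.items()}


def summarize(lines):
    """Count failures per (status, action, index, error_type)."""
    counts = Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec:
            key = (rec["status"], rec["action"], rec["index"], rec["error_type"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    # In practice, iterate over /var/log/logstash/logstash-plain.log instead.
    for key, n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
```

The log payload includes the rejected event itself, so treat the extracted values as untrusted text when forwarding them to an alert or dashboard.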