Does logstash continue getting log from Kafka if it cannot send log to ELS?

AkatsukiPain · November 17, 2020, 9:26am

I want to build a topology like this, but I don't know the behavior of logstash when elasticsearch dies ( Logstash cannot send the log to Elasticsearch). There are 2 situations that I'm thinking

Logstash will stop getting logs from Kafka.

Logstash keep getting logs from Kafka and save to its queue, if elasticsearch is online, logstash will send logs from the queue to ELS.

Please help me explain more about this.

Wolfram_Haussig · November 17, 2020, 9:40am

Hi,

LogStash will keep receiving events even if ElasticSearch is unavailable. There are 2 points though:

By default LogStash will keep the events in memory. If LogStash is restarted all pending events are lost. To solve this use a persistent queue
The storage space for pending messages is fixed. If the queue is full no new messages are received. The maximum size can be defined for persistent queues

Best regards
Wolfram

system · December 15, 2020, 9:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What should I do with Logstash when ES is died? Logstash	2	459	November 20, 2017
Logstash kafka plugin Logstash	4	272	February 15, 2019
Logstash output streaming when ES is down Logstash	4	860	May 14, 2018
Are the logs lost if elastic search down Elasticsearch	4	598	August 22, 2021
Logstash Kafka Input backpressure from Persistent Queue Logstash	3	1050	October 21, 2019

Does logstash continue getting log from Kafka if it cannot send log to ELS?

Related topics