Hello, our Elasticsearch cluster is used to store a variety of logs including Windows domain controller logs; I noticed that since adding Cisco netflow logs (which was over a million events every 15 minutes) Elasticsearch now seems to be collecting far fewer domain controller logs.
Is Elasticsearch 'overloaded' and what would be the signs of that?
Thanks for the reply SpeedDaemon - there are two Logstash servers, the Windows domain controller logs go through one and the Cisco firewall / netflow logs go through the other.