Hi there,
I wasn't able to find much information in the documentation about how Filebeat reacts when the elasticsearch output server is unavailable for a period of time.
Does it give up on any logs it tries to send? An interruption should not be more than 1 hour where Filebeat cannot reach the elasticsearch instance but I was wondering what if.
Thanks
Filebeat provides send-at-least-once. That is, it will retry infinitely until events are ACKed by Elasticsearch. Retry is subject to exponential backoff, starting at 1s, up to max 60s.
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.