Hi there,
I wasn't able to find much information in the documentation about how Filebeat reacts when the elasticsearch output server is unavailable for a period of time.
Does it give up on any logs it tries to send? An interruption should not be more than 1 hour where Filebeat cannot reach the elasticsearch instance but I was wondering what if.
Thanks
Filebeat provides send-at-least-once. That is, it will retry infinitely until events are ACKed by Elasticsearch. Retry is subject to exponential backoff, starting at 1s, up to max 60s.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.