Hi,
the
ERR File is falling under ignore_older before harvesting is finished. Adjust your close_* settings: d:Logger\logxxx.log
still occurs during the night; however, we solved the problem with the growing registry: we have increased the --pipeline-batch-size in logstash and the flush_size in the elastic output. Now everything seems ok during the day, but we found 2 types of errors which I can't understand.
We got many occurrences of:
ERR Failed to publish events caused by: EOF
INFO Error publishing events (retrying): EOF
And:
ERR Failed to publish events caused by: read tcp ip:1157->ip:port: i/o timeout
Are they serious problems? I can't understand it, as log messages are correctly sent to logstash and elasticsearch.