Hello,
I am sending filebeat data from a network sensor that is running Zeek and Suricata to a logstash server. This server has been sending logs successfully w/o issue for over 6 months. This morning something happened and I am no longer receiving the data. Nothing on the network has changed and nothing in our configs has changed. We are not getting any log messages in the filebeat logs, and we aren't seeing any logs in the logstash logs either.
We have checked to make sure that the connections between the two servers are still established and they are. We checked the certs to make sure that they are still valid and they are as well. We checked the DLQ to see if events were just piling up there and it is also empty.
This is the third time I have had this issue in my environments. We have been able to redirect the output from logstash directly to the elastic stack and it works in the other cases, but I am hoping to finally figure out what the cause of this issue is and take care of it.
Thanks,
Alex