Hi there
Could someone figure this out?
Let me describe my scenario first.
I stream app logs using the tcp input, then use a grok filter, and after that ship to an Amazon Elasticsearch domain.
I stream two app logs actually.
E.g., app1 comes from TCP port 5509, app2 comes from TCP port 5508.
It really worked reliably for 3 months.
But now I have found that the app2 log is not coming in anymore these days.
When I checked, I found the index doc date is one day late. Please see the yellow box in the picture.
Why is the index one day late? My output filter is like this:
output {
  amazon_es {
    hosts => ["host1234"]
    region => "ap-southeast-1"
    aws_access_key_id => "id1234"
    aws_secret_access_key => "key1234"
    flush_size => 50000
    idle_flush_time => 10
    index => "logstash-%{+YYYY.MM.dd}"
  }
}
Has anybody experienced this?
I would appreciate it if someone could point it out to me.