Input tails off over time?


Hoping you can help me understand what might be happening with our new Logstash installation.

There are a number of devices sending logs. When we start the service, everything is processed by Logstash and outputted to Elasticsearch without any issues. However, over time the input seems to get less and less, until after about thirty minutes there is barely a trickle of data coming into Elasticsearch?

Neither the Logstash nor the Elasticsearch server appears to be under load; CPU use is negligible. However, it does appear that memory could be the issue on the Logstash server?

root@logstash:/etc/logstash/conf.d# free -t -m
             total       used       free     shared    buffers     cached
Mem:          2000       1918         81          0          1          7
-/+ buffers/cache:       1910         90
Swap:         2043       1895        148
Total:        4044       3814        230

If I do a search in Kibana for events, in the 45 minutes the server has been running 1,784,794 events have been logged.

The Logstash service eventually stops (usually after around an hour). There is no indication in the logs as to why it stopped, however.

I'm very new to this, so maybe I am doing something very daft (most likely)?

Would appreciate any advice on how to diagnose.