I have a very strange problem and I'm not sure how to search for it or how to troubleshoot.
I have a VM as a load balancer using NGINX. I've setup filebeat on that vm and it appears to be working.
My logstash VM is a docker container and is ingesting logs from web app vms and this load balancer vm.
In Kibana when I do a search for log entries from the load balancer vm, call it lb-01 the logs are only there for a set timeframe. Any other times, there are none. But there are other logs available.
October 19th 2018, 20:00:00.893 - October 21st 2018, 19:59:59.198
October 25th 2018, 20:00:00.679 - October 26th 2018, 19:59:59.451
November 1st 2018, 20:00:00.059 - November 2nd 2018, 19:59:59.265
note the time change
November 16th 2018, 19:00:00.907 - November 18th 2018, 18:59:59.842
Based on these times, I see that something is scheduled but I can't figure it out. It's weird.
Any thoughts?
Chris