Logstash Dies when Elasticsearch is restarted

Bradly · February 25, 2016, 9:48pm

Everytime I restart any of the elasticsearch nodes they logstash server stops sending logs to any of them. I have it setup to send data to all 5 host in my cluster from the netflow on our core router. The output lines look like this:

output {
elasticsearch {
index => "logstash-cisco-asa-5512-netflow-%{+YYYY.MM.dd}"
hosts => ["172.16.0.5:9200", "172.16.0.4:9200", "172.16.0.3:9200"]
flush_size => 1
}

I am still pretty new to this whole ELK process but am really enjoying learning it and being able to process the data from our busy core router in real time is an awesome feat.

Brad

warkolm · February 26, 2016, 12:27am

When you restart your node, is the cluster as a whole still available?

Are you following the restart procedure? https://www.elastic.co/guide/en/elasticsearch/guide/master/_rolling_restarts.html

Topic		Replies	Views
Logstash stops exporting netflow data to elasticsearch Logstash	4	1233	July 6, 2017
Data loss on shutdown of node in a 3 node cluster Elasticsearch	2	347	July 6, 2017
ES cluster restart, any impact on Logstash output? Logstash	1	254	September 23, 2019
Sniffing recover after all instances are down Logstash	1	676	August 12, 2019
Logstash stops sending docs to elasticsearch, starts over after restart of process Logstash	4	645	April 30, 2019

Logstash Dies when Elasticsearch is restarted

Related topics