Hello friends!
Just say, I'm not an expert in Logstash or elasticsearch.
I have logstash 1.4.2 cluster, one master and two nodes for data.
I have a lot of logs sending to my cluster every day. And once, logstash stopped to answer for any of my commands, and without thinking twice I reboot the whole system. Things began to happen again and again.
Then I found out a parametr LS_HEAP_SIZE which I increased from 600m to 8g 
But it didnot help as I expected, and the cluster was felt in 5 days after 8 gb was eatten. It looks like OOM killer.
How may I perfom my system?
ES_HEAP_SIZE is 4g for master, and 10g for each of nodes.
My input.conf:
input {
#################################### Cisco
udp {
port => 60606
type => syslog
}
#################################### sysLog
tcp {
port => 10514
type => syslog
}
#################################### vmWare
tcp {
port => 1514
type => syslog
}
################################### GELF
gelf {
codec => "plain"
host => "0.0.0.0"
port => 12201
type => "gelf"
}
################################ ERLANG
udp {
codec => "json"
host => "0.0.0.0"
port => 12211
type => "erlang"
}
Meanwhile, i found this article: https://github.com/logstash-plugins/logstash-input-lumberjack/issues/10 and think that it's my resolve, but I have only UDP and TCP and GELF inputs 
Please give me some advice, thanks!