Hey folks,
I'm having a weird issue that I can't seem to solve. I have multiple winlogbeats shipping event logs to a logstash server which then forwards it to an elastic ingestion node which serves the cluster.
Recently I've been noticing that logstash stops shipping data and slowly tapers off. If I restart the service, data starts flowing for a bit then tapers off. Logs don't have any errors present for logstash. I'm wondering if it's some sort of performance or config issue. For example, I should have 800 hosts reporting, logstash will restart then send over logs for 400 endpoints, then slowly decrease till it stops.
Any ideas what to look for? RAM/CPU seem fine. JVM is at 50% usage.