Logstash Stopped Forwarding Messages to GrayLog After Some Time


(Haroon Khan) #1

Hi guys

I have four servers from which i am sending the logs directly to my Gray log server. My Conf file looks like the following.

input {

file {
	type => "apache-localhost"
	path => "/var/log/tomcat8/localhost_access_log.txt"
	start_position => "beginning"
}

file {
	type => "apiusage"
	path => "/var/log/tomcat8/APIusage.log"
	start_position => "beginning"
}

file {
	type => "caching"
	path => "/var/log/tomcat8/caching.log"
	start_position => "beginning"
}

file {
	type => "dispatch"
	path => "/var/log/tomcat8/dispatches.log"
	start_position => "beginning"
}

file {
	type => "facade-exceptions"
	path => "/var/log/tomcat8/FacadeException.log"
	start_position => "beginning"
}

}

For a good period of time the logstash server forwards the messages properly but it stops after some time. I even restarted the logstash process and also my GrayLog2 server but it dint work. Can someone please help on this.

Regards
Haroon


(Jurgens Du Toit) #2

Hey

Is there anything in the Logstash or greylog logs that will give an indication of what's going on? If there's nothing in the Logstash logs, you can try to enable debugging output (--debug) to get more information.

J


(Haroon Khan) #3

Nop there is nothing i have restarted my logstash multiple times with the intervals of about 5 mins, then i restarted logstash after half an hour which did the trick for me. But I dont know the actual reason behind this behavior. I am continuously monitoring my graylog inputs and they are behaving fine.


(Haroon Khan) #4

I have also observed that if there is a CPU Utilization Spike, the logstash sort of freezes and stops sending the logs to the graylog2 server.. Thoughts Everyone??

Haroon


(system) #5