Hello Support team,
We are using ELK stack for doing business monitoring of Air Shopping site. Please find attached the Architecture of ELK stack in the production environment.
We recently came across incidents where Logstash suddenly stops processing the data pushed by log shippers from multiple application server instances. During the incident, we could observe the Logstash process as running but the new logs were not getting processed and hence the data found missing in Kibana. We checked for logs but couldn’t understand the reason behind the occurrence. We could see that the issue gets resolved after restarting the Logstash server.
Could you please help us to understand the cause and solutions to avoid this in future. We are losing the business monitoring data during the window of occurrence and it is impacting the effective business monitoring.
Is this a known issue in the ELK version which we are using now, version upgrade help us?
Please find below the ELK server version which we are using in our production environment.
Redis: 3.0.3
Logstash: 1.5.4
Elasticsearch: 1.7.2
Kibana: 4.1.2
Shipper: 1.2.2
Thanks & Regards,
Basil K Varghese