We're currently using logstash to collect and filter netflow data from network devices (switches, routers, etc). However, periodically the logstash server that the netflow data is being shipped to will stop exporting to elasticsearch. The process is still running, no errors in the logs, and we have debug turned on for the input and it still shows new netflow data coming in. However, it never makes it to elasticsearch. Is there somewhere I can look are some kind of debug logging that I can turn on for logstash-server (as opposed to the input) to determine what causing this?
What version are you on.
Do you see anything in the Elasticsearch logs?
I'm using elasticsearch 1.1.2 and logstash 1.4.3. I don't see anything in the elasticsearch logs until after logstash resumes exporting to elasticsearch.
elasticsearch just shows logstash disconnecting after the service was restarted. logstash just shows some plugin warnings due to service restart.
logstash config is here