Hello there,
I am using the latest releases of the ELK stack, but I have an issues that I had with Logstash version 2.4.2 and that I also have with my current one. This is a standalone solution that receives logs from several sources via tcp/udp.
I have a lumberjack output to a server:
output {
if (rule) {
lumberjack {
hosts => "IP"
port => port
ssl_certificate => "certificate"
codec => plain {format => ...}
}}}
If the remote server that I have goes down or the connection is lost, I get stuck in CLOSE_WAIT on the logstash side.
I have tried looking in other topics, but I failed to see any that had a similar behaviour. If there is one please direct me to it.
Thanks.