Hi all,
I know Logstash isn't made to be a batch processing tool i.e. only process logs at a certain period or time?
Scenario - I have large amounts of logs coming from a firewall via filebeat to a logstash server. It works well but the processing is taking quite a bit of the servers resources. I would like to process all these logs at night though.
Now I could start and stop the Logstash service but what happens to the filebeat service on the firewall since it can't reach the logstash service. How much does it buffer for a batch before it starts dropping the logs or will it send all the logs since the last time it could contact the logstash server?