I am new to ELK. I have my ELK stack working and polling logs using rsyslog.
How do I monitor connections from several servers (using rsyslog) to Logstash? I am looking for an alert when xxx host stops sending logs to ELK for the last 30 minutes or so.
Logstash itself isn't able to do this (with the standard plugins), but you can easily hook up Logstash to Lovebeat and have the latter detect when the per-host message frequency changes too much from the norm.
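The check the question asks for, as an added example that is not part of either post and is not Logstash's or Lovebeat's own code: a dead-man's-switch over forwarded syslog lines that reports inventory hosts silent for more than 30 minutes, including hosts that never logged at all. The line format, host names and function names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed line shape: "<PRI>RFC3339-timestamp hostname tag: message"
LINE_RE = re.compile(r"^<\d{1,3}>(?P<ts>\S+)\s+(?P<host>\S+)\s")

def last_seen(lines):
    """Return {host: newest event time}; unparseable lines are skipped."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group("ts"))
        except ValueError:
            continue
        if ts.tzinfo is None:  # naive times cannot be compared safely
            continue
        host = m.group("host").lower()
        if host not in seen or ts > seen[host]:  # tolerate late arrivals
            seen[host] = ts
    return seen

def silent_hosts(lines, expected, now, max_silence=timedelta(minutes=30)):
    """Map each expected host that is overdue to its silence (None = never seen)."""
    seen = last_seen(lines)
    report = {}
    for host in sorted(h.lower() for h in expected):
        ts = seen.get(host)
        if ts is None:  # in the inventory but never logged
            report[host] = None
        elif now - ts > max_silence:
            report[host] = now - ts
    return report

# Constructed sample input, not real logs.
SAMPLE = [
    "<30>2024-05-01T10:12:45+00:00 web01 sshd[812]: session closed",
    "<30>2024-05-01T10:55:00+00:00 db01 cron[77]: job finished",
    "<30>2024-05-01T10:00:03+00:00 web01 sshd[812]: session opened",
    "garbage line without a syslog header",
]
EXPECTED = {"web01", "db01", "mail01"}  # hypothetical host inventory
NOW = datetime.fromisoformat("2024-05-01T11:00:00+00:00")

if __name__ == "__main__":
    for host, age in silent_hosts(SAMPLE, EXPECTED, NOW).items():
        print(host, "never seen" if age is None else f"silent for {age}")
```

Comparing against an explicit inventory rather than only the hosts already seen is what catches a source that was never onboarded or whose forwarding was disabled before its first message.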