Hi all,
Asking for a bit of help here, because we're having a bit of trouble diagnosing an issue with our Logstash implementation.
In an IoT-like implementation, we have several clients sending logs to our Logstash instance through the tcp input node. Our clients are devices running Python apps that use this library to send their logs to Logstash:
This library enables logging to Logstash in an asynchronous way, and storing of logs in a database if the Logstash instance can't be reached.
After some time (usually from 3 to 5 days), Logstash will stop logging. We first thought the output node was the problem, but tests with different outputs showed that there was actually no input.
Our devices can shut down at any time, and so abruptly that probably no clean disconnection can be made (we had a similar problem with DB connections). So what we think is that Logstash may be at some point flooded with inactive TCP connections, so it stops receiving logs via TCP.
Does the TCP input node have a limited connections pool? (the doc doesn't say a word about that) Does Logstash? Can we monitor it?
Is there a way we can monitor how many TCP clients are connected to Logstash's TCP input node? What the connection statuses are?
Is the TCP input node dropping inactive connections after a timeout? Can we change that timeout? (We tried letting Logstash be after it stopped receiving logs to see if a timeout would clean connections, even for several days, and it would never resume).
Here is our (very basic) code for the TCP input node:
    input {
      tcp {
        port => 5959
        ssl_enable => true
        ssl_verify => false
        ssl_cert => "some file"
        ssl_key => "some file"
      }
    }
Thank you for your help.
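
One way to get the per-state connection count asked about above, as an added example that is not part of the original post and not code from Logstash or the logging library. It assumes Logstash runs on a Linux host and parses the kernel's /proc/net/tcp table format; the sample table and the function name `summarize` are constructed for illustration.

```python
"""Count TCP sockets on a local port by state, from Linux /proc/net/tcp text."""
from collections import Counter
from pathlib import Path

# Kernel state codes used in the "st" column of /proc/net/tcp and /proc/net/tcp6.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample (not captured from a real host); columns after "st" are trimmed.
# Port 5959 is 0x1747; addresses are hex, IPv4 in little-endian byte order.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:1747 00000000:0000 0A
   1: 0500000A:1747 6500000A:C350 01
   2: 0500000A:1747 6500000A:C418 01
   3: 0500000A:1747 6500000A:C4E0 01
   4: 0500000A:1747 6600000A:D2F0 01
   5: 0500000A:1747 6600000A:D2F1 08
   6: 0500000A:0016 6700000A:E000 01
"""

def summarize(table_text, port=5959):
    """Return (sockets per state, ESTABLISHED sockets per remote address) for `port`."""
    states, established_per_peer = Counter(), Counter()
    for line in table_text.splitlines()[1:]:        # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, code = fields[1], fields[2], fields[3]
        if int(local.rsplit(":", 1)[1], 16) != port:
            continue                                 # socket belongs to another service
        state = TCP_STATES.get(code.upper(), code)
        states[state] += 1
        if state == "ESTABLISHED":
            established_per_peer[remote.rsplit(":", 1)[0]] += 1
    return states, established_per_peer

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):  # a Java listener may appear in tcp6
        table = Path(path)
        text = table.read_text() if table.exists() else SAMPLE
        states, peers = summarize(text)
        print(path, dict(states))
        # Several ESTABLISHED sockets from one device suggest stale connections
        # left behind by abrupt power-offs followed by reconnects.
        print("  peers with >1 ESTABLISHED:", {p: n for p, n in peers.items() if n > 1})
```

Run periodically on the Logstash host, the per-state totals show whether ESTABLISHED sockets on port 5959 keep growing over the 3 to 5 days before input stops.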