Hi,
Looking for some suggestion on how to investigate this issue really.
I have one logstash server set up in Ubuntu (6.4.2) and I have a slew of servers sending filebeat, metricbeat and winlogbeat logs to this server. I added the same agents to a few new servers and I don't see any docs being indexed for them in ES.
I have another logstash server set up with the same config file, but I use it for testing config changes. If I change the host IP in the beat agents to point to this server - all the logs come streaming through. Not seeing any errors showing on the first server. AWS cloudwatch monitoring of the server shows 30% cpu load. The AWS instance type is m5.xlarge (4 cpu, 16GB RAM). I increased the JVM memory to use 15GB.
Any other ideas on investigating this? Do you think load balancer would help and have 2 instances behind it? I will probably switch to load balancer anyway just so I am not using IP addresses in my beat config files! Does logstash use ELB effectively? Thought I saw some discussion about it using persistant links or something...
Thanks for any tips,
Fiona