On my production cluster, I have Logstash-Forwarder connecting to my two Logstash 1.4.2 indexers via a HAProxy load balancer.
After testing an upgrade to Logstash 1.5.2 on my test cluster, I upgraded production. And everything broke.
Since my test cluster does not have HAProxy involved, I'm certain that's where the worst of my problems are located.
When I told one production LSF instance to bypass the HAProxy, the indexer started receiving events. (Though it ran into lumberjack pipeline errors...).
LSF logged messages like:
Loading client ssl certificate: /path/to/pemfile.pem and /path/to/keyfile.key Setting trusted CA from file: /path/to/CAFile.crt Connecting to [ha.pro.xy.ip]:5043 (haproxy.example.tld) Read error looking for ack: EOF
Anyway, long story short, something in how Logstash handles LSF connections changed between 1.4.2 and 1.5.2. That change made HAProxy stop working.
Note, as soon as I restored Logstash back to 1.4.2, it started working again.
Oh, and I am using the elasticsearch_http plugin with 1.4.2, and the elasticsearch plugin with http protocol on 1.5.2.